16frrek_6180.exe

The application 16frrek_6180.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from cdn.shyapotato.us.
MD5:
00203787d2c3e86029ebcdac737b8164

SHA-1:
4b9618ceaca4e84b345e531a531bd11402779785

SHA-256:
f63d4c726176abe36a59c800123dae162d85911d5116009fc0f119932efb2dde

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
5/7/2024 10:51:00 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | NSIS:Adware-JM [PUP] | 2014.9-131220 |
| AVG | MultiBundle.D | 2014.0.3619 |
| Bitdefender | DeepScan:Generic.Mitglied | 1.0.20.1200 |
| Dr.Web | Trojan.DownLoader7.54308 | 9.0.1.0240 |
| Emsisoft Anti-Malware | DeepScan:Generic.Mitglied | 8.13.08.28.01 |
| F-Prot | W32/AdAgent.AI.gen | v6.4.7.1.166 |
| G Data | DeepScan:Generic.Mitglied | 13.8.22 |
| K7 AntiVirus | Adware | 13.170.9059 |
| McAfee | Artemis!00203787D2C3 | 5600.7180 |
| MicroWorld eScan | DeepScan:Generic.Mitglied | 14.0.0.720 |
| Panda Antivirus | Suspicious file | 13.08.28.01 |
| SUPERAntiSpyware | Heur.Agent/Gen-WhiteBox | 10705 |
| Trend Micro House Call | TROJ_GEN.FFFCBAC | 7.2.240 |
| Trend Micro | TROJ_GEN.FFFCBAC | 10.465.28 |
| VIPRE Antivirus | InstallMonetizer | 19732 |

File size:
1.4 MB (1,440,918 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\16frrek_6180.exe

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:83McHus872umRguuUmCr9uejsx6+G+8HXbJd5A8z3rGdKN2mwx8w8OSj:83McTYrmRguSC1jsMX+ybSVEM8w8OSj

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9780

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file 16frrek_6180.exe has been seen being distributed by the following URL.
