» 320044_superfastdownload000_site
Overview
Analysis
File Details

320044_superfastdownload000_site

XCDPack

Tekhniks Resurs, TOV

The file 320044_superfastdownload000_site, “NeedfullSoft XCD Pack” by Tekhniks Resurs, TOV has been detected as a potentially unwanted program by 5 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

NeedfullSoft (signed by Tekhniks Resurs, TOV)

Product:

XCDPack

Description:

NeedfullSoft XCD Pack

Version:

7.24.4.6

MD5:

02d6a92550a1954c83667a02b7a1e143

SHA-1:

9db3f21bb8c4cfaca0fbc9726ad4808760a4a063

SHA-256:

85c1a2e0b6ff75aad5f5d1c7ab1c24991da6c96be628aa168e706dc004105cf2

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 5:45:31 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Downware.15971, Trojan.Amonetize.13522

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Strictor.110521

16.07.18

ESET NOD32

Win32/Amonetize.VR potentially unwanted application

8.0.319.0

F-Secure

Variant.Strictor.110521

5.15.96

Reason Heuristics

PUP.Amonetize.Tekhniks (M)

16.7.18.18

File size:

857.4 KB (877,931 bytes)

Product version:

7.24.4.6

Original file name:

xcd.exe

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\idm\dwnldata\fab tech0728913727\320044_superfastdownload000_site_341\320044_superfastdownload000_site

Digital Signature

Signed by:

Tekhniks Resurs, TOV

Authority:

COMODO CA Limited

Valid from:

6/29/2016 12:00:00 AM

Valid to:

6/29/2017 11:59:59 PM

Subject:

CN="Tekhniks Resurs, TOV", OU=IT, O="Tekhniks Resurs, TOV", STREET="bul. Ivana Lepse, 4", L=Kyyiv, S=Kyyiv, PostalCode=03067, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4BDBA94B8C9A739276B632612DDCA129

File PE Metadata

Compilation timestamp:

7/16/2016 3:08:50 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:xC0RkWQJFL06WlS+rp3Pp3qkgRHAujGL3l12adGb1On6185zkotE56KJSrs4uTd8:g+lQ+dskgG12R1O61UQAL4SrwTwx

Entry address:

0x361C

Entry point:

E8, A7, 22, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, FF, 15, 70, 30, 42, 00, 6A, 01, A3, 2C, D7, 42, 00, E8, 53, 29, 00, 00, FF, 75, 08, E8, CE, 28, 00, 00, 83, 3D, 2C, D7, 42, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 39, 29, 00, 00, 59, 68, 09, 04, 00, C0, E8, 9C, 28, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 79, 78, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 10, D5, 42, 00, 89, 0D, 0C, D5, 42, 00, 89, 15, 08, D5, 42, 00, 89, 1D, 04, D5, 42, 00, 89, 35, 00, D5, 42, 00, 89, 3D, FC... 
[+]

Entropy:

6.9682

Code size:

135 KB (138,240 bytes)

Remove 320044_superfastdownload000_site - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.