{5bb58bd6-28fc-4f8b-a11c-0b25b6178b45}

Downloader

AND LLC

The file {5bb58bd6-28fc-4f8b-a11c-0b25b6178b45} by AND has been detected as adware by 20 anti-malware scanners.
Publisher:
AND LLC  (signed and verified)

Product:
Downloader

Version:
1, 0, 0, 0

MD5:
5e934aa312fa437ce85c42d0c03e6ead

SHA-1:
2d169250b86ad799289429e03f2bf3fcc118afb3

SHA-256:
88ae12a440dd0e4b66d06040a77cdb60cff4cb0d17148c11cde0d7857e377062

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
4/19/2024 9:47:04 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.LoadMoney | 2013.11.04 |
| Avira AntiVirus | DR/Delphi.Gen | 7.11.110.204 |
| avast! | Win32:LoadMoney-AG [PUP] | 2014.9-150626 |
| AVG | Win32/Cryptor | 2016.0.3074 |
| Bitdefender | Gen:Variant.Strictor.42822 | 1.0.20.850 |
| Comodo Security | TrojWare.Win32.Kryptik.BNMN | 17208 |
| Dr.Web | Trojan.LoadMoney.188 | 9.0.1.0170 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.42822 | 8.15.06.19.04 |
| ESET NOD32 | Win32/LoadMoney.BG (variant) | 9.9000 |
| F-Secure | Gen:Variant.Strictor.42822 | 11.2015-19-06_6 |
| G Data | Gen:Variant.Strictor.42822 | 15.6.22 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.LMN | 14.0.0.1864 |
| Malwarebytes | Trojan.LoadMoney | v2015.06.19.04 |
| McAfee | PUP-FEA!5E934AA312FA | 5600.6730 |
| Norman | LoadMoney.LLC | 11.20150626 |
| Panda Antivirus | Trj/Genetic.gen | 15.06.19.04 |
| Reason Heuristics | PUP.AND (M) | 15.6.19.0 |
| Sophos | Troj/LdMon-D | 4.94 |
| Vba32 AntiVirus | Malware-Cryptor.Limpopo | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Kryptik.bnre | 23010 |

File size:
135.4 KB (138,656 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright 2013

Original file name:
Downloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/10/2013 3:00:00 AM

Valid to:
10/11/2014 2:59:59 AM

Subject:
CN=AND LLC, O=AND LLC, STREET="Marshala Fedorenko street, 7", L=Moscow, S=Moscow, PostalCode=125599, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
77019A082385E4B73F569569C9F87BB8

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:Wnm3DXh2VA9AzqF9jQcnOS5iGq8WweZnDM2LBAShx0JhOUvwrhUN9P7/U:v6rqF9xnOS5iVPRDM2NAdD4

Entry address:
0x18D14

Entry point:
83, 3D, A0, B5, 41, 00, 00, 75, 36, 89, 40, 8C, 41, 00, FF, 25, 28, 8D, 41, 00, 93, 8D, 41, 00, 62, 89, 05, FF, B0, 41, 00, 89, 15, 25, B0, 41, 00, 89, 35, E2, B0, 41, 00, 89, 0D, FF, B0, 41, 00, BB, 36, 01, 00, 00, 83, 3D, 28, B2, 41, 00, 00, 74, CF, E8, DC, FE, FF, FF, 8B, 05, 1F, B0, 41, 00, 89, 1D, 1A, B0, 41, 00, 89, 3D, C7, B0, 41, 00, 8B, 05, 80, B1, 41, 00, 85, C0, 74, B9, C7, 05, 14, B0, 41, 00, 04, 10, 40, 00, C7, 05, 18, B0, 41, 00, DC, 15, 40, 00, FF, 25, 14, B0, 41, 00, 89, FC, 32, 40, 00, 89...
 

Code size:
96 KB (98,304 bytes)
