» 5d9pn.exe
Overview
Analysis
File Details
Downloads (2)

5d9pn.exe

UQ2lVHM1pDKKZbN

PLT

The application 5d9pn.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.semiofficialkestrelkestrels.webcam and multiple other hosts.

File name:

5d9pn.exe

Publisher:

PLT

Product:

UQ2lVHM1pDKKZbN

Description:

XT9AELNr1j

Version:

28.137.77.168

MD5:

e87b44e35dbbc02130c33026c6a8a014

SHA-1:

aa7ef1fcdc5d3b11cd464205e0890759396593cf

SHA-256:

e17ef3d1a906685a7138ac71627a509311bb645628f8e84023bdf43f0d5501be

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/3/2024 11:56:42 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Amonetize

16.7.16.22

File size:

633 KB (648,192 bytes)

Product version:

28.137.77.168

buoLpslNT8F4

Trademarks:

SW Good M

Original file name:

osetup.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\5d9pn.exe

File PE Metadata

Compilation timestamp:

6/25/2016 9:46:09 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:Rcgt92lQTDZtaDQM53HUDCsjpDiyqwIq76bnAmIY7cY3:RzGOTFtit5k2sjpeyqt1VI3Y3

Entry address:

0xC47F

Entry point:

E8, 7A, 68, 00, 00, E9, 26, FE, FF, FF, FF, 35, 28, 82, 43, 00, FF, 15, 48, 90, 42, 00, C3, FF, 35, 28, 82, 43, 00, FF, 15, 48, 90, 42, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 35, 4E, 00, 00, 6A, 01, 6A, 00, E8, 1E, 6F, 00, 00, 83, C4, 0C, E9, 35, 6F, 00, 00, 55, 8B, EC, 56, FF, 35, 28, 82, 43, 00, FF, 15, 48, 90, 42, 00, FF, 75, 08, 8B, F0, FF, 15, 44, 90, 42, 00, A3, 28, 82, 43, 00, 8B, C6, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0... 
[+]

Code size:

160 KB (163,840 bytes)

The file 5d9pn.exe has been seen being distributed by the following 2 URLs.

http://www.semiofficialkestrelkestrels.webcam/.../pm9dk.exe

http://www.semiofficialkestrelkestrels.webcam/.../5d9pn.exe

Remove 5d9pn.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.