» 9
Overview
Analysis
File Details

9

VIO Installer

SHLEMOON MEDIA INC

The file 9 by SHLEMOON MEDIA INC has been detected as adware by 6 anti-malware scanners. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent.

File name:

Publisher:

VIO (signed by SHLEMOON MEDIA INC)

Product:

VIO Installer

Version:

1.0.0.0

MD5:

83a05cd8659cc63b51adec46b2424cb6

SHA-1:

09d8e9a6c4fe429cd182d002270ba6ce9adf0436

SHA-256:

16eb6e4c185d7e2c55e2b4c6532c2360d4f088f96e1d9557d050e2f9a3d871dd

Scanner detections:

6 / 68

Status:

Adware

Explanation:

May bundle additional potentially unwanted software such as adware during setup.

Analysis date:

5/7/2024 1:58:18 PM UTC (today)

Scan engine

Detection

Engine version

Comodo Security

ApplicUnwnt

16919

ESET NOD32

Win32/Adware.Moonshle (variant)

9.8788

Malwarebytes

PUP.BundleInstaller.VIO

v2015.08.03.09

Reason Heuristics

PUP.SHLEMOONMEDIA.Installer (M)

15.8.3.21

Trend Micro House Call

TROJ_GEN.F47V0625

7.2.215

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.0

File size:

198.3 KB (203,104 bytes)

Product version:

1.0.0.0

Common path:

C:\users\{user}\appdata\roaming\mobileditforensic\00000001\07008004\9

Digital Signature

Signed by:

SHLEMOON MEDIA INC

Authority:

DigiCert Inc

Valid from:

8/1/2012 2:00:00 AM

Valid to:

8/5/2013 2:00:00 PM

Subject:

CN=SHLEMOON MEDIA INC, O=SHLEMOON MEDIA INC, L=Woodbridge, S=Ontario, C=CA

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0F5EB861CF342DD9635C8401731A9914

File PE Metadata

Compilation timestamp:

6/25/2013 5:11:01 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:tCQyeUmtzFiI+Glp6PLgQ1EWxa5M1cENdQ8:sQye9ZNlmbF7dd

Entry address:

0x81FD

Entry point:

E8, FE, 5B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, 46, 07, 00, 00, 6A, 16, 5E, 89, 30, E8, E0, 2B, 00, 00, 8B, C6, EB, 33, 8B, 45, 10, 85, C0, 75, 04, 88, 02, EB, E2, 8B, F2, 2B, F0, 8A, 08, 88, 0C, 06, 40, 84, C9, 74, 03, 4F, 75, F3, 85, FF, 75, 11, C6, 02, 00, E8, 10, 07, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, C6, 33, C0, 5F, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A... 
[+]

Code size:

81 KB (82,944 bytes)

Remove 9 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.