9af7ee35d9.exe

Yordan Damyanov

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may install that software without the user's consent. The file 9af7ee35d9.exe, signed by Yordan Damyanov, has been detected as adware by 36 of the 68 anti-malware scanners listed below. It is typically executed from an Internet Explorer cache folder (see the common path further down), which is consistent with a browser-initiated download rather than a deliberate install. The file has been seen being downloaded from www.colompia.info and at least one other host.
Publisher:
Yordan Damyanov (signed and verified)

MD5:
b1944d92cf33cacf68b46b40e5ac4594

SHA-1:
8e3836aa212d868f4cc48c918938b4b52d9aad33

SHA-256:
d9e57884ea83776353a914d455f38057080c7182b2e45af0bfe4b434309ae9b5

Scanner detections:
36 / 68

Status:
Adware

Analysis date:
4/19/2024 11:18:07 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.113234
515

Agnitum Outpost
PUA.Vonteera
7.1.1

AhnLab V3 Security
Adware/Win32.MultiPlug
2015.07.25

Avira AntiVirus
ADWARE/Vonteera.rta
8.3.1.6

Arcabit
Trojan.Zusy.D1BA52
1.0.0.425

avast!
Win32:Adware-gen [Adw]
2014.9-150907

AVG
Generic_r
2016.0.2993

Baidu Antivirus
Adware.Win32.Vonteera
4.0.3.1597

Bitdefender
Gen:Variant.Zusy.113234
1.0.20.1250

Bkav FE
W32.HfsAdware
1.3.0.6979

Comodo Security
ApplicUnwnt
22857

Dr.Web
Adware.Volaro.3
9.0.1.0250

Emsisoft Anti-Malware
Gen:Variant.Zusy.113234
8.15.09.07.02

ESET NOD32
Win32/AdWare.Vonteera (variant)
9.11993

Fortinet FortiGate
Riskware/Vonteera
9/7/2015

F-Secure
Gen:Variant.Zusy.113234
11.2015-07-09_2

G Data
Gen:Variant.Zusy.113234
15.9.25

IKARUS anti.virus
PUA.Vonteera
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.207.16676

Kaspersky
Trojan.Win32.Adond
14.0.0.1462

Malwarebytes
PUP.Optional.Vonteera.A
v2015.09.07.02

McAfee
Artemis!B1944D92CF33
5600.6649

Microsoft Security Essentials
Adware:Win32/Brya
1.1.11903.0

MicroWorld eScan
Gen:Variant.Zusy.113234
16.0.0.750

NANO AntiVirus
Riskware.Win32.Vonteera.dkluqu
0.30.24.2668

Panda Antivirus
Trj/CI.A
15.09.07.02

Qihoo 360 Security
Win32/Trojan.Multi.daf
1.0.0.1015

Quick Heal
Trojan.Adond.r5
9.15.14.00

Reason Heuristics
PUP.WebPick.YordanDamyanov (M)
15.9.7.14

Sophos
Vonteera
4.98

Trend Micro House Call
TROJ_SPNR.3AKG14
7.2.250

Trend Micro
TROJ_SPNR.3AKG14
10.465.07

Vba32 AntiVirus
AdWare.Vonteera
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
42302

ViRobot
Trojan.Win32.A.Adond.704072.A[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Adond.Win32.9885
2.0.0.2314

File size:
687.6 KB (704,072 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\9af7ee35d9.exe

Digital Signature
Signed by:
Yordan Damyanov
Authority:
COMODO CA Limited

Valid from:
10/7/2013 3:00:00 AM

Valid to:
10/8/2015 2:59:59 AM

Subject:
CN=Yordan Damyanov, O=Yordan Damyanov, STREET=19 Dobri Voinikov Str, L=Sofia, S=Sofia, PostalCode=1000, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FEEF0D77D0AC7E55D4E7707B384AC901

File PE Metadata
Compilation timestamp:
11/3/2014 12:38:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:73lUKFqYj9KVm8aLe2x+SCDhukdG5g1ZBPpWvVi72A1MG//ffI2d/EnpvX:73lUEdaTxdG5iZJEVi6I/ffjZEpvX

Entry address:
0x11DFA

Entry point:
E8, FA, 6D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 73, 1A, 00, 00, 3B, 0D, A0, 84, 43, 00, 75, 02, F3, C3, E9, 76, 6E, 00, 00, 8B, FF, 51, C7, 01, DC, C4, 42, 00, E8, 6E, 6F, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, BD, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, AC, 6F, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6...

Entropy:
7.4355

Code size:
169.5 KB (173,568 bytes)
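Turning the indicators in this report into something that can be run against a suspect file: the Python script below is an added example, not code from Reason Core Security or from the file's publisher. It matches a file against the MD5/SHA-1/SHA-256 values listed above, computes byte entropy (the report's 7.4355 for the whole file is high enough to suggest a packed or compressed payload), parses the COFF/PE32 headers for the fields under File PE Metadata, and checks that the compile timestamp (11/3/2014) falls inside the signing certificate's validity window (10/7/2013 to 10/8/2015). It can also walk a directory such as the Internet Explorer cache path given under Common path. The PE header it builds to exercise the parser is constructed from the report's values and contains no code; treating the certificate dates as UTC is an assumption.

```python
"""Triage helper for a sample like 9af7ee35d9.exe (added example, stdlib only):
hash/IOC matching, byte entropy, PE header fields, cert-window sanity check."""
import hashlib
import math
import os
import struct
from datetime import datetime, timezone

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "b1944d92cf33cacf68b46b40e5ac4594",
    "sha1": "8e3836aa212d868f4cc48c918938b4b52d9aad33",
    "sha256": "d9e57884ea83776353a914d455f38057080c7182b2e45af0bfe4b434309ae9b5",
}
# Code-signing certificate validity window from the report; UTC is an assumption.
CERT_NOT_BEFORE = datetime(2013, 10, 7, 3, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2015, 10, 8, 2, 59, 59, tzinfo=timezone.utc)
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the raw bytes, as hex, the way the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_ioc(data: bytes) -> list:
    """Names of the report hashes this file matches (empty list means no match)."""
    found = file_hashes(data)
    return [name for name, digest in IOC_HASHES.items() if found[name] == digest]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0. Values near 8 mean packed/compressed/encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and PE32 optional-header fields shown under 'File PE Metadata'."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, _nsect, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B or opt_size < 70:
        raise ValueError("only PE32 optional headers are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]       # Subsystem
    return {
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code_size,
        "entry_point": entry_rva,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def compiled_within_cert_validity(data: bytes) -> bool:
    """A compile timestamp outside the signing cert's window is a red flag:
    a forged timestamp, or a cert used after expiry without a countersignature."""
    return CERT_NOT_BEFORE <= parse_pe_header(data)["compiled"] <= CERT_NOT_AFTER


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying the report's metadata values. It has no
    sections or code; it exists only so the parser can be exercised offline."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    ts = int(datetime(2014, 11, 3, 12, 38, 36, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x014C, 4, ts, 0, 0, 224, 0x0102)  # i386, EXE
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 10, 0, 173568)  # PE32, linker 10.0, code size
    struct.pack_into("<I", opt, 16, 0x11DFA)                 # entry address from the report
    struct.pack_into("<HH", opt, 40, 5, 1)                   # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def scan_tree(root: str) -> list:
    """Walk a directory (e.g. the IE cache path from the report) and return
    the paths of files whose hashes match the indicators."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if matches_ioc(fh.read()):
                        hits.append(path)
            except OSError:
                continue
    return hits


if __name__ == "__main__":
    sample = build_sample_header()
    print(parse_pe_header(sample), "entropy=%.4f" % shannon_entropy(sample))
    print("compiled within cert validity:", compiled_within_cert_validity(sample))
```

Two caveats for anyone using this as a hunt. Exact hashes only catch this build: a repacked or recompiled variant of the same installer needs the ssdeep (CTPH) value above and a fuzzy-hash comparison instead. And a valid signature from an individual's certificate establishes who the certificate was issued to, not that the file is benign, as the 36 of 68 detections above show.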

The file 9af7ee35d9.exe has been seen being distributed by the following 2 URLs.

http://www.colompia.info/.../66de16e.exe

http://91.74.184.36/.../9f2451.exe

Remove 9af7ee35d9.exe - Powered by Reason Core Security