9ztsq.exe

jwQUtbm

Kolac

The application 9ztsq.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.inditedexplanatory.webcam.
Publisher:
Kolac

Product:
jwQUtbm

Description:
BzLtlr6N

Version:
192.155.200.49

MD5:
a3e106f93cf8bb6059782528a90dd5f3

SHA-1:
db465adc2a42f196f555b2034c8083910dd8a5b2

SHA-256:
08f745c8b4be36cf15f8c4ea349a4f13c1e501bb9150a219cddaa0d4482ff69a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/20/2024 6:08:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Amonetize.Kolac.Meta (M)

Engine version:
16.7.11.5

File size:
830 KB (849,920 bytes)

Product version:
192.155.200.49

Original file name:
hBs4EQYW3tErzgw

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\9ztsq.exe

File PE Metadata
Compilation timestamp:
7/11/2016 12:39:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:hsFelw0PMsQHUKe0vI6rvXNKBSy/N6wpRUKNwco9n:lw0PMsQHUvELr1AF/NvpRUKKc2

Entry address:
0x811B

Entry point:
E8, DE, 68, 00, 00, E9, 18, FE, FF, FF, 6A, 03, E8, 92, 68, 00, 00, 59, 83, F8, 01, 74, 15, 6A, 03, E8, 85, 68, 00, 00, 59, 85, C0, 75, 1F, 83, 3D, F8, 14, 43, 00, 01, 75, 16, 68, FC, 00, 00, 00, E8, 31, 00, 00, 00, 68, FF, 00, 00, 00, E8, 27, 00, 00, 00, 59, 59, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 68, 76, 42, 00, 74, 0A, 40, 83, F8, 17, 72, F1, 33, C0, 5D, C3, 8B, 04, C5, 6C, 76, 42, 00, 5D, C3, EB, 08, E8, F0, FF, FF, FF, EB, 00, B8, 90, 90, EB, 04, C3, B8, 83, F8, 55, 8B, EC, 81, EC, FC, 01...
 

Entropy:
7.5634

Code size:
146 KB (149,504 bytes)

The file 9ztsq.exe has been seen being distributed by the following URL.
