a_volynets_-_gorod_zolotoy_zaycev_net.exe

Downloader

AND LLC

The application a_volynets_-_gorod_zolotoy_zaycev_net.exe by AND has been detected as adware by 30 anti-malware scanners.
Publisher:
AND LLC  (signed and verified)

Product:
Downloader

Version:
1, 0, 0, 0

MD5:
e0a81eae4563e76685f4f55194c2fc03

SHA-1:
fdd1699962e805249a17018b637e0584c7f940aa

SHA-256:
cb5c731d9a789cc4c3e159b7a5b7cd9760882e56e0ae4d98dc57cf4f85d3b742

Scanner detections:
30 / 68

Status:
Adware

Analysis date:
4/25/2024 6:54:34 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.IPZ.4 | 6758121 |
| AhnLab V3 Security | Trojan/Win32.LoadMoney | 2015.03.07 |
| Avira AntiVirus | APPL/Downloader.ghk | 7.11.214.72 |
| avast! | Win32:LoadMoney-DY [Trj] | 150303-0 |
| AVG | Win32/Cryptor | 2014.0.4257 |
| Bitdefender | Gen:Heur.IPZ.4 | 1.0.20.325 |
| Comodo Security | TrojWare.Win32.Kryptik.BNMK | 21315 |
| Dr.Web | Trojan.LoadMoney.188 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Heur.IPZ | 9.0.0.4799 |
| ESET NOD32 | Win32/Kryptik.BPBB trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/LoadMoney.CD!tr | 3/6/2015 |
| F-Prot | W32/LoadMoney.L6.gen | 4.6.5.141 |
| F-Secure | Gen:Heur.IPZ.4 | 5.13.68 |
| G Data | Gen:Heur.IPZ | 15.3.25 |
| IKARUS anti.virus | not-a-virus:Downloader.Win32.LMN | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.200.15187 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.LMN | 15.0.0.543 |
| Malwarebytes | PUP.Optional.LoadMoney | v2015.03.06.12 |
| McAfee | Program.PUP-FNB | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.193.1887.0 |
| MicroWorld eScan | Gen:Heur.IPZ.4 | 16.0.0.195 |
| NANO AntiVirus | Trojan.Win32.LMN.cnjhdv | 0.30.0.296 |
| Norman | Gen:Heur.IPZ.4 | 02.01.2015 13:58:24 |
| Panda Antivirus | Generic Suspicious | 15.03.06.12 |
| Quick Heal | Trojan.Sisproc.A6 | 3.15.14.00 |
| Reason Heuristics | PUP.AND | 15.3.6.11 |
| Rising Antivirus | PE:Trojan.Crypt!6.DE2 | 23.00.65.15304 |
| Sophos | Virus 'Troj/LdMon-D' | 5.11 |
| Vba32 AntiVirus | Malware-Cryptor.Limpopo | 3.12.26.3 |
| VIPRE Antivirus | Threat.4657539 | 38050 |

File size:
138 KB (141,264 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright 2013

Original file name:
Downloader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\a_volynets_-_gorod_zolotoy_zaycev_net.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/10/2013 4:00:00 AM

Valid to:
10/11/2014 3:59:59 AM

Subject:
CN=AND LLC, O=AND LLC, STREET="Marshala Fedorenko street, 7", L=Moscow, S=Moscow, PostalCode=125599, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
77019A082385E4B73F569569C9F87BB8

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:EVwpIHzBqGeBe4s2Ii2F9LmJirrCzvPwZUDe/pr:EVwuHMeBbFFmvznrDAr

Entry address:
0x14A8

Entry point:
38, 35, 90, C0, 41, 00, 75, 0C, C7, 05, 88, C0, 41, 00, 4B, 45, 01, 00, EB, 06, 89, 0D, F1, C0, 41, 00, 89, 35, 25, C0, 41, 00, 01, 3D, 9A, C0, 41, 00, E8, 25, 13, 00, 00, C7, 05, D2, C0, 41, 00, 6B, 2E, 01, 00, 89, 1D, AE, C0, 41, 00, 39, 15, 90, C0, 41, 00, 7F, 08, 8B, 35, 4C, C0, 41, 00, EB, 24, 89, 15, 17, C0, 41, 00, 89, 0D, 7E, C0, 41, 00, 89, 3D, D8, C0, 41, 00, 21, 0D, AF, C0, 41, 00, 89, 15, 68, C0, 41, 00, EB, 04, 55, 8B, EC, 8B, 89, 4C, 24, EE, 83, 3D, 2C, C0, 41, 00, 00, 7D, 08, 89, 1D, 42, C0...
 

Code size:
99 KB (101,376 bytes)
