AdVantage.exe

The application AdVantage.exe by AdVantage has been detected as a potentially unwanted program by 28 anti-malware scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘AdVantage’. While running, it connects to the Internet address 5-226-127-231.static.ip.netia.com.pl on port 80 using the HTTP protocol.
Publisher:
Vomba Network (signed by AdVantage)

Product:
AdVantage

Version:
1, 1, 0, 15

MD5:
51f34837a6d73d10c8a912ffd838cc70

SHA-1:
c8669e3716b9c8a5bd85b1a11ee4fbcf3a0945a6

SHA-256:
e33b9c0cbaa411d291f8469aa0dd26400cd8bdbc3267dcfe869fefc7f9d1c471

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 4:13:03 AM UTC

Scan engine | Detection | Engine version
----------- | --------- | --------------
Lavasoft Ad-Aware | Gen:Adware.Heur.mmLfRKWKYyeo | 395
Agnitum Outpost | Adware.Agent | 7.1.1
AhnLab V3 Security | Win-Trojan/Xema.variant | 2015.03.09
Avira AntiVirus | ADSPY/Agent.omi | 7.11.214.232
avast! | Win32:Gabpath-G [Adw] | 2014.9-160105
AVG | Generic4 | 2017.0.2873
Bitdefender | Gen:Adware.Heur.mmLfRKWKYyeo | 1.0.20.25
Comodo Security | ApplicUnwnt.Win32.AdWare.AdVantage.~S | 21341
Dr.Web | Trojan.DownLoad.33638 | 9.0.1.05
Emsisoft Anti-Malware | Gen:Adware.Heur.mmLfRKWKYyeo | 8.16.01.05.04
ESET NOD32 | Win32/Adware.Vomba.AA potentially unwanted (variant) | 10.11288
F-Prot | W32/Adware.AFVH | v6.4.7.1.166
F-Secure | Gen:Adware.Heur.mmLfRKWKYyeo | 11.2016-05-01_3
G Data | Gen:Adware.Heur.mmLfRKWKYyeo | 16.1.25
K7 AntiVirus | Adware | 13.200.15196
Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.861
Malwarebytes | Trojan.Agent | v2016.01.05.04
McAfee | Generic.gh | 5600.6529
MicroWorld eScan | Gen:Adware.Heur.mmLfRKWKYyeo | 17.0.0.15
NANO AntiVirus | Riskware.Win32.Agent.hatye | 0.30.0.296
Quick Heal | AdWare.Agent.omi.n3 (Not a Virus) | 1.16.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.127E4837!310265911 | 23.00.65.16103
SUPERAntiSpyware | Trojan.Agent/Gen | 9404
Trend Micro House Call | TROJ_GEN.R047C0EKO14 | 7.2.5
Vba32 AntiVirus | suspected of Trojan-Downloader.IstBar.24 | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 38250
ViRobot | Adware.Agent.204208[h] | 2014.3.20.0
Zillya! Antivirus | Adware.Agent.Win32.6408 | 2.0.0.2091

File size:
199.4 KB (204,208 bytes)

Product version:
1, 1, 0, 15

Copyright:
Copyright © 2008

Original file name:
AdVantage.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\advantage\advantage.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
11/25/2008 7:00:00 AM

Valid to:
11/26/2009 6:59:59 AM

Subject:
CN=AdVantage, OU=Technology, O=AdVantage, L=Montreal, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
7E24C21A564CB12756EF0A91FC6C8FE5

File PE Metadata
Compilation timestamp:
3/4/2009 3:46:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:Yxr2vmHT25HK33U6TGcgqAY+6kCFzbOwlNkvi1pWwA1HR0YbpxsoHIFQFqgQ72Aq:Yxr2sT2FYF5AYtOwIv6pWXHm6Ooo8P

Entry address:
0xC5140

Entry point:
60, BE, 00, 60, 49, 00, 8D, BE, 00, B0, F6, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...
 

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
192 KB (196,608 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AdVantage

Command:
C:\users\{user}\appdata\roaming\advantage\advantage.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to no.rdns.ukservers.com (94.229.72.117:80)

TCP (HTTP):
Connects to 5-226-127-231.static.ip.netia.com.pl (5.226.127.231:80)

TCP (HTTP):
Connects to 5-226-127-187.static.ip.netia.com.pl (5.226.127.187:80)

TCP (HTTP):
Connects to 213-241-87-24.static.ip.netia.com.pl (213.241.87.24:80)

Remove AdVantage.exe - Powered by Reason Core Security