archive.exe

Prof-IT

The application archive.exe by Prof-IT has been detected as adware by 31 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from forces.topkoza.ru.
Publisher:
Prof-IT  (signed and verified)

MD5:
43dcaa9e1f998379f597d4c00e64e294

SHA-1:
acbb565da24f9a06380dcc9ab528c74d66c09983

SHA-256:
47fe5fb5e743907653ad62f46a097e383d80f063cbed53dad897f32376044b40

Scanner detections:
31 / 68

Status:
Adware

Analysis date:
4/27/2024 3:43:53 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Symmi.48150 | 6213306 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2014.12.22 |
| Avira AntiVirus | APPL/LoadMoney.qozg | 7.11.197.38 |
| avast! | Win32:Installer-U [PUP] | 141214-1 |
| AVG | Win32/Cryptor | 2014.0.4235 |
| Bitdefender | Gen:Variant.Adware.Symmi.48150 | 1.0.20.1780 |
| Clam AntiVirus | Win.Trojan.Agent-805299 | 0.98/19819 |
| Comodo Security | Application.Win32.LoadMoney.XU | 20438 |
| Dr.Web | Trojan.LoadMoney.336 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Symmi.48150 | 9.0.0.4668 |
| ESET NOD32 | Win32/Adware.LoadMoney.YS application | 7.0.302.0 |
| Fortinet FortiGate | W32/Kryptik.CPAR!tr | 12/22/2014 |
| F-Prot | W32/LoadMoney.AJ.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Symmi.48150 | 5.13.68 |
| G Data | Gen:Variant.Adware.Symmi.48150 | 14.12.24 |
| IKARUS anti.virus | Win32.Cryptor | t3scan.1.8.5.0 |
| K7 AntiVirus | Adware | 13.188.14410 |
| Kaspersky | not-a-virus:Downloader.Win32.LMN | 15.0.0.543 |
| McAfee | Program.Packed-CQ | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.565.0 |
| MicroWorld eScan | Gen:Variant.Adware.Symmi.48150 | 15.0.0.1068 |
| NANO AntiVirus | Trojan.Win32.LoadMoney.dhdtut | 0.28.6.64267 |
| Norman | Gen:Variant.Adware.Symmi.48150 | 04.12.2014 14:30:06 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.22.08 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.ProfIT | 15.3.18.1 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.141220 |
| Sophos | Virus 'Troj/LdMon-J' | 5.09 |
| Total Defense | Win32/Ogiman.KCFVJeD | 37.0.11344 |
| Vba32 AntiVirus | Malware-Cryptor.Limpopo | 3.12.26.3 |
| VIPRE Antivirus | Threat.4657539 | 35418 |

File size:
480.9 KB (492,400 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\archive.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/22/2014 3:00:00 AM

Valid to:
10/23/2015 2:59:59 AM

Subject:
CN=Prof-IT, O=Prof-IT, STREET="Pervomajskaja, 47, 75", L=Irbit, S=Sverdlovsk region, PostalCode=623856, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BA9220E1BEF0519921922B933C27DFDD

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:u/Wr8DMmtp30WApgktN55OAY9ryYq9qm03dwMe5/:u/Wr8Im4/5Szlm03uMe5/

Entry address:
0x1524

Entry point:
83, 3D, 47, B0, 46, 00, 01, 75, 15, 8B, 0D, 47, B0, 46, 00, BA, 9A, 00, 00, 00, 87, 74, 24, EE, 21, 15, 56, B0, 46, 00, 0F, 85, 1C, 00, 00, 00, C7, 05, EB, B0, 46, 00, FC, 7E, 01, 00, 89, 05, 43, B0, 46, 00, B9, 36, 01, 00, 00, BB, C2, 01, 00, 00, C3, 90, 68, 90, 10, 40, 00, 89, 15, 6E, B0, 46, 00, 89, 3D, C8, B0, 46, 00, 87, 05, A5, B0, 46, 00, C7, 05, 24, B0, 46, 00, A4, 11, 40, 00, B0, 01, C3, 55, 8B, EC, 83, C4, D4, 89, 45, FC, C7, 05, A2, B0, 46, 00, 86, 56, 01, 00, 85, FF, 75, 0C, 89, 05, 32, B0, 46...
Code size:
423.5 KB (433,664 bytes)

The file archive.exe has been seen being distributed by the following URL.
