avg2a86.exe

Installer

The application avg2a86.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from d20ssor9owizgr.cloudfront.net. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product: Installer

Description: Installer-H

Version: 1.0.0.0

MD5: 23846a403ab4e24ee76f5d33ff06d0d3

SHA-1: 1926d93df4e8e293d64201ebe9ba34eb3b1be8f0

SHA-256: 69ce768c7c8b2f92aade1e2316d816a58ee408692b0686544a2d36ff69693d69

Scanner detections: 16 / 68

Status: Potentially unwanted

Analysis date: 4/29/2024 1:57:32 PM UTC

Scan engine             Detection                        Engine version
Lavasoft Ad-Aware       Gen:Variant.Strictor.85359       475
AhnLab V3 Security      Adware/Win32.Imali               2015.09.09
Arcabit                 Trojan.Strictor.D14D6F           1.0.0.525
avast!                  Win32:GenMaliciousA-JCC [PUP]    2014.9-151017
AVG                     Downloader                       2016.0.2953
Baidu Antivirus         Adware.MSIL.Imali                4.0.3.151017
Bitdefender             Gen:Variant.Strictor.85359       1.0.20.1450
Emsisoft Anti-Malware   Gen:Variant.Strictor.85359       8.15.10.17.12
ESET NOD32              MSIL/Adware.Imali (variant)      9.12224
Fortinet FortiGate      Adware/Imali                     10/17/2015
F-Secure                Gen:Variant.Strictor.85359       11.2015-17-10_7
G Data                  Gen:Variant.Strictor.85359       15.10.25
K7 AntiVirus            Adware                           13.2017154
Malwarebytes            PUP.Optional.Bundler             v2015.10.17.12
McAfee                  Artemis!23846A403AB4             5600.6609
MicroWorld eScan        Gen:Variant.Strictor.85359       16.0.0.870

File size: 106 KB (108,544 bytes)

Product version: 1.0.0.0

Original file name: FinalInstaller_dotnet4.exe

File type: Executable application (Win32 EXE)

Language: Language Neutral

Common path: C:\users\{user}\appdata\local\temp\avg2a86.exe

File PE Metadata

Compilation timestamp: 9/6/2015 9:41:20 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 8.0

.NET CLR dependent: Yes

CTPH (ssdeep): 1536:B4wl8On3yJ+m918ylwJAbXtFNuKtnPaEPfl2/nCpEG77:BX5WuylnhFEK9Prh7

Entry address: 0x106CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with: Microsoft Visual C# / Basic .NET

Code size: 58 KB (59,392 bytes)

The file avg2a86.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL): Connects to www.ibbalance.com (173.192.190.227:443)

Remove avg2a86.exe - Powered by Reason Core Security