avgda1d.exe

Installer

The application avgda1d.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from d20ssor9owizgr.cloudfront.net. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Description:
Installer-H

Version:
1.0.0.0

MD5:
8db28d53ade9490ec10d89a24e5d2ef9

SHA-1:
c3410373040806588d3494279fa7481c65f76755

SHA-256:
d89e3b076a717e829d083c667edca7fe3c7794c2dc82c7b26466b40e86922feb

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 11:45:09 AM UTC

Scan engine            | Detection                      | Engine version
-----------------------|--------------------------------|----------------
Lavasoft Ad-Aware      | Gen:Variant.Strictor.85359     | 451
Agnitum Outpost        | PUA.Imali                      | 7.1.1
AhnLab V3 Security     | Adware/Win32.Imali             | 2015.10.20
Avira AntiVirus        | ADWARE/Imali.108544            | 8.3.2.2
Arcabit                | Trojan.Strictor.D14D6F         | 1.0.0.582
avast!                 | Win32:GenMaliciousA-FXY [Adw]  | 2014.9-151111
AVG                    | Downloader                     | 2016.0.2929
Baidu Antivirus        | Adware.MSIL.Imali              | 4.0.3.151111
Bitdefender            | Gen:Variant.Strictor.85359     | 1.0.20.1575
Emsisoft Anti-Malware  | Gen:Variant.Strictor.85359     | 8.15.11.11.04
ESET NOD32             | MSIL/Adware.Imali (variant)    | 9.12433
Fortinet FortiGate     | Adware/Imali                   | 11/11/2015
F-Secure               | Gen:Variant.Strictor.85359     | 11.2015-11-11_4
G Data                 | Gen:Variant.Strictor.85359     | 15.11.25
K7 AntiVirus           | Adware                         | 13.211.17582
McAfee                 | RDN/Generic PUP.x              | 5600.6585
MicroWorld eScan       | Gen:Variant.Strictor.85359     | 16.0.0.945
NANO AntiVirus         | Riskware.Win32.Imali.dwsoyz    | 0.30.26.3947
Qihoo 360 Security     | HEUR/QVM03.0.Malware.Gen       | 1.0.0.1015
Sophos                 | Generic PUA MD (PUA)           | 4.98
Trend Micro            | TROJ_GEN.R070C0OJ115           | 10.465.11
VIPRE Antivirus        | MSIL.Adware.Imali              | 44674

File size:
106 KB (108,544 bytes)

Product version:
1.0.0.0

Original file name:
FinalInstaller_dotnet2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\avgda1d.exe

File PE Metadata
Compilation timestamp:
9/6/2015 5:41:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:569kUGnYX7Ey1GylwJAbRwM6zjDKtfkEPfl2/nCpEG77:55nYr1kylnFwM6zvK59h7

Entry address:
0x1060E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.4566

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
58 KB (59,392 bytes)

The file avgda1d.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)

Remove avgda1d.exe - Powered by Reason Core Security