avicii feat zaycev net aloe blacc - wake me up dj nejtrino and dj baur remix.exe

IT River

The application avicii feat zaycev net aloe blacc - wake me up dj nejtrino and dj baur remix.exe by IT River has been detected as adware by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen being downloaded from forces.upload-zone.ru.
Publisher:
IT River  (signed and verified)

MD5:
ce84c9243fdfd72a23933f053c76187f

SHA-1:
471eb8c732399325b12b50ff0eb7508c49d81174

SHA-256:
9e192523a8bf04e3796e2198dd351e96672c72d7a57a2ba89443b0be4b90bcfb

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
11/25/2017 4:57:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ITRiver (M)

Engine version:
16.4.10.9

File size:
410.4 KB (420,200 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\avicii feat zaycev net aloe blacc - wake me up dj nejtrino and dj baur remix.exe

Digital Signature
Signed by:
IT River
Authority:
COMODO CA Limited

Valid from:
2/25/2014 2:00:00 AM

Valid to:
2/26/2015 1:59:59 AM

Subject:
CN=IT River, O=IT River, STREET="Obolenskiy, 9", L=Moscow, S=Moscow oblast, PostalCode=119021, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0F02E0C593A3B9A15B22F5853C90D66B

File PE Metadata
Compilation timestamp:
5/1/2014 2:17:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.6

CTPH (ssdeep):
6144:NLUBazxbmH2wvV9/G/iMHVWPEzCUGglqZ9+tfla2VLbuCUerQW3hsjz:NyDb3/G6Fgfc2VutoQtP

Entry address:
0x2458

Entry point:
C1, F8, 11, C1, FA, 0F, 90, F7, D2, C1, E3, 18, 13, 7C, 24, F8, C1, E5, 14, 49, C1, C5, 11, 8B, 74, 24, FC, D1, FA, 39, 4C, 24, FC, 11, E5, C1, C0, 00, F5, F5, C1, FD, 09, 8B, 4C, 24, FC, C1, CE, 17, C1, C9, 00, 3B, 54, 24, F4, F7, 04, 24, 80, C1, EE, 48, 33, 0D, 49, F0, 40, 00, C1, D5, 03, FD, 85, F0, C1, C2, 14, C1, E6, 05, F5, 46, C1, DE, 15, 87, EA, 01, E3, C1, FA, 13, C1, C8, 0E, C1, FE, 17, 2B, 44, 24, 04, C1, DF, 0E, C1, CE, 1A, C1, E3, 00, FD, 33, 6C, 24, F8, F5, 90, C1, E2, 16, C1, FD, 12, 96, FD...

Code size:
338 KB (346,112 bytes)
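The PE fields above, including the entry-point bytes, come straight from the image headers, and the Digital Signature block only gives the certificate's validity window, not whether the signature carries a trusted timestamp. The following Python script is an added example, not the scanner's code and not anything published by IT River: it parses those fields from raw bytes with the standard library alone, maps the entry-point RVA to a file offset through the section table, and checks the compilation timestamp against the certificate window. The PE image it parses is constructed inside the script to carry the values printed in this report (its single .text section at RVA 0x1000, raw offset 0x200, is an assumption); the certificate and analysis dates are copied from the report and treated as UTC, which is also an assumption.

```python
"""Added example (not the scanner's code): reproduce the report's 'File PE
Metadata' fields from raw bytes and check the signing window implied by the
'Digital Signature' block. The image below is CONSTRUCTED here to carry the
report's values; it is not the real sample."""
import calendar
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# First 16 entry-point bytes as listed in the report.
ENTRY_BYTES = bytes.fromhex("C1F811C1FA0F90F7D2C1E318137C24F8")
# Dates from the report's signature and analysis fields, assumed to be UTC.
CERT_NOT_BEFORE = datetime(2014, 2, 25, 2, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2015, 2, 26, 1, 59, 59, tzinfo=timezone.utc)
ANALYSIS_TIME = datetime(2017, 11, 25, 4, 57, 43, tzinfo=timezone.utc)


def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section table; None if unmapped."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    return None


def parse_pe_metadata(data: bytes) -> dict:
    """Walk MZ -> PE signature -> COFF header -> optional header -> sections.
    Every file offset is bounds-checked before use: e_lfanew, header sizes and
    section pointers are attacker-controlled in a malicious sample."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad e_lfanew / PE signature")
    coff = e_lfanew + 4
    _machine, nsec, tds, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70 or opt + opt_size + nsec * 40 > len(data):
        raise ValueError("optional header or section table truncated")
    magic, lmaj, lmin, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    osmaj, osmin = struct.unpack_from("<HH", data, opt + 40)   # same offsets for PE32/PE32+
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):
        sh = opt + opt_size + i * 40                            # IMAGE_SECTION_HEADER
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sh + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    off = rva_to_offset(entry_rva, sections)
    entry = data[off:off + 16] if off is not None and off + 16 <= len(data) else b""
    return {
        "compile_time": datetime.fromtimestamp(tds, tz=timezone.utc),
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, "unknown"),
        "linker_version": f"{lmaj}.{lmin}",
        "os_version": f"{osmaj}.{osmin}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "entry_rva": entry_rva,
        "entry_bytes": ", ".join(f"{b:02X}" for b in entry),
        "code_size": size_of_code,
    }


def signing_window_check(compile_time, not_before, not_after, analysis_time) -> dict:
    """Was the binary built inside the cert's validity window, and had the cert
    expired by the analysis date? A 'verified' verdict after expiry is only
    sound if the signature carries a trusted timestamp countersignature."""
    return {
        "compiled_in_window": not_before <= compile_time <= not_after,
        "cert_expired_at_analysis": analysis_time > not_after,
    }


def build_sample_image() -> bytes:
    """CONSTRUCTED minimal PE32 carrying the report's values (assumed layout)."""
    img = bytearray(0x1700)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                           # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    ts = calendar.timegm((2014, 5, 1, 14, 17, 33, 0, 0, 0))           # 5/1/2014 2:17:33 PM
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, ts, 0, 0, 0xE0, 0x102)
    opt = 0x58
    struct.pack_into("<HBBI", img, opt, 0x10B, 10, 6, 346112)         # PE32, linker 10.6, code size
    struct.pack_into("<I", img, opt + 16, 0x2458)                      # AddressOfEntryPoint
    struct.pack_into("<HH", img, opt + 40, 5, 0)                       # OS version 5.0
    struct.pack_into("<H", img, opt + 68, 2)                           # IMAGE_SUBSYSTEM_WINDOWS_GUI
    sh = opt + 0xE0
    img[sh:sh + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sh + 8, 346112, 0x1000, 0x1500, 0x200)  # vsize, va, rawsize, rawptr
    img[0x1658:0x1658 + 16] = ENTRY_BYTES                              # 0x200 + (0x2458 - 0x1000)
    return bytes(img)


if __name__ == "__main__":
    meta = parse_pe_metadata(build_sample_image())
    for key, value in meta.items():
        print(f"{key}: {value}")
    print(signing_window_check(meta["compile_time"], CERT_NOT_BEFORE, CERT_NOT_AFTER, ANALYSIS_TIME))
```

Run as a script it prints the same fields the report shows. With the report's dates, `compiled_in_window` and `cert_expired_at_analysis` are both true, so a "signed and verified" verdict in 2017 can only rest on an Authenticode timestamp countersignature, which this report does not list; on a real sample confirm that with `signtool verify /pa /v` or PowerShell's `Get-AuthenticodeSignature` before treating the publisher identity as established. Note also that the listed entry-point bytes decode to SAR/SHL/NOP/NOT sequences (C1 F8 11 is `sar eax, 0x11`, 90 is `nop`, F7 D2 is `not edx`), the kind of junk-instruction padding obfuscators emit, so the linker version in the header says little about what actually executes.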

The file avicii feat zaycev net aloe blacc - wake me up dj nejtrino and dj baur remix.exe has been seen being distributed by the following URL.