c9b45050-sample

Downloader

AND LLC

The file c9b45050-sample by AND has been detected as adware by 32 anti-malware scanners.
Publisher:
AND LLC  (signed and verified)

Product:
Downloader

Version:
1, 0, 0, 0

MD5:
1589664e3fda98314323d54a4864bb18

SHA-1:
e154d6444ddf2eecc2a2d08b66430a9bf67fa3dc

SHA-256:
8375a7f9237deec66aa90c70bb3b32da33c3e7d92f5a75edc6874b2575847b8c

Scanner detections:
32 / 68

Status:
Adware

Analysis date:
4/26/2024 2:08:01 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.307333
766

AhnLab V3 Security
Trojan/Win32.LoadMoney
2014.12.05

Avira AntiVirus
APPL/Downloader.ghk
7.11.192.152

avast!
Win32:LoadMoney-AJ [Trj]
2014.9-141231

AVG
Win32/Cryptor
2015.0.3244

Bitdefender
Gen:Variant.Kazy.307333
1.0.20.1825

Comodo Security
TrojWare.Win32.Kryptik.BMMN
20282

Dr.Web
Trojan.LoadMoney.225
9.0.1.0365

ESET NOD32
Win32/Kryptik.BVHV (variant)
8.10826

Fortinet FortiGate
Riskware/LMN
12/31/2014

F-Prot
W32/LoadMoney.L.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Kazy.307333
11.2014-31-12_4

G Data
Gen:Variant.Kazy.307333
14.12.24

IKARUS anti.virus
not-a-virus:Downloader.Win32.GLDCT
t3scan.1.8.5.0

K7 AntiVirus
Adware
13.186.14239

Kaspersky
not-a-virus:HEUR:Downloader.Win32.LMN
14.0.0.2713

Malwarebytes
PUP.Optional.LoadMoney
v2014.12.31.10

McAfee
Downloader-FWY!1589664E3FDA
5600.6900

Microsoft Security Essentials
TrojanDownloader:Win32/Ogimant.gen!A
1.11202

MicroWorld eScan
Gen:Variant.Kazy.307333
15.0.0.1095

NANO AntiVirus
Trojan.Win32.LMN.cmgquy
0.28.6.63850

Norman
LoadMoney.LLC
11.20141231

Panda Antivirus
Generic Suspicious
14.12.31.10

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Quick Heal
Trojan.Sisproc.A6
12.14.14.00

Reason Heuristics
PUP.AND.P
14.12.31.10

Rising Antivirus
PE:Malware.Delphi!6.C6A
23.00.65.141229

Sophos
Troj/LdMon-D
4.98

Trend Micro House Call
TROJ_GEN.R031C0DKK14
7.2.365

Trend Micro
TROJ_GEN.R031C0DKK14
10.465.31

Vba32 AntiVirus
Malware-Cryptor.Limpopo
3.12.26.3

VIPRE Antivirus
Trojan.Win32.LoadMoney.b
35416

File size:
139.9 KB (143,272 bytes)

Product version:
1, 0, 0, 0

Copyright:
Copyright 2013

Original file name:
Downloader.exe

Language:
Russian (Russia)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/10/2013 3:30:00 AM

Valid to:
10/11/2014 3:29:59 AM

Subject:
CN=AND LLC, O=AND LLC, STREET="Marshala Fedorenko street, 7", L=Moscow, S=Moscow, PostalCode=125599, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
77019A082385E4B73F569569C9F87BB8

File PE Metadata
Compilation timestamp:
6/20/1992 2:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:szcsUVK1XtvgMSSbHg4lASOTpioX5AM7Wgv6ox8ap8wEu/W:yySL5axX2yvF8a9ED

Entry address:
0x19620

Entry point:
83, 3D, A0, B5, 41, 00, 00, 75, 2E, 89, 1C, 95, 41, 00, FF, 25, 34, 96, 41, 00, 94, 96, 41, 00, 62, 48, C6, 05, D4, B0, 41, 00, D2, 8D, 35, 57, B0, 41, 00, C7, 46, 18, E4, 00, 00, 00, 83, 3D, 28, B2, 41, 00, 00, 74, D7, E8, B4, FE, FF, FF, C7, 05, FA, B0, 41, 00, 0C, 6E, 01, 00, 47, 89, F1, 89, D3, 8B, 05, 80, B1, 41, 00, 85, C0, 74, C4, C7, 05, 14, B0, 41, 00, 04, 10, 40, 00, C7, 05, 18, B0, 41, 00, 2C, 1A, 40, 00, FF, 25, 14, B0, 41, 00, 89, A4, 3A, 40, 00, C6, 05, 88, B0, 41, 00, CC, C6, 05, 1C, B0, 41...

Entropy:
6.5452

Code size:
98 KB (100,352 bytes)
