» dahonet news 1.3.exe.exe
Overview
Analysis
File Details

dahonet news 1.3.exe.exe

so these collection

Alexey Kurilenko

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application dahonet news 1.3.exe.exe by Alexey Kurilenko has been detected as adware by 20 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

Publisher:

XML deleting a (signed by Alexey Kurilenko)

Product:

so these collection

Version:

4.4.0.0

MD5:

c35ce03ab2136841404b81d9ef3e1a8f

SHA-1:

e132491582c65c7d22e7e4cc7ac62a27dda146e1

SHA-256:

ae1be17b9d628a98357a2ac0931f629bbceefc0ab2e2f629c4be4dc9c6052669

Scanner detections:

20 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/25/2024 9:34:58 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Dropper.103

926

AhnLab V3 Security

Adware/Win32.Agent

2014.07.24

Avira AntiVirus

Adware/MultiPlug.aob

7.11.163.164

avast!

Win32:PUP-gen [PUP]

140617-1

AVG

Adware Generic_r.QP

2014.0.3986

Bitdefender

Gen:Variant.Adware.Dropper.103

1.0.20.1020

Dr.Web

Trojan.Crossrider.26283

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Dropper.103

8.14.07.23.12

ESET NOD32

Win32/AdWare.MultiPlug.AQ (variant)

8.10142

F-Secure

Gen:Variant.Adware.Dropper.103

11.2014-23-07_4

G Data

Gen:Variant.Adware.Dropper.103

14.7.24

IKARUS anti.virus

AdWare.SaveNet

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.181.12819

Malwarebytes

PUP.Optional.Dropper

v2014.07.23.12

McAfee

PUP-FMH

5600.7060

MicroWorld eScan

Gen:Variant.Adware.Dropper.103

15.0.0.612

Panda Antivirus

PUP/TSUploader

14.07.23.12

Reason Heuristics

PUP.AlexeyKurilenko.P

14.7.23.11

Sophos

MultiPlug

4.98

VIPRE Antivirus

Threat.4150696

31208

File size:

778.9 KB (797,584 bytes)

Product version:

4.4.0.0

Original file name:

recovering

File type:

Executable application (Win32 EXE)

Language:

English

Common path:

C:\users\{user}\downloads\dahonet news 1.3.exe.exe

Digital Signature

Signed by:

Alexey Kurilenko

Authority:

Unizeto Technologies S.A.

Valid from:

6/17/2014 2:20:17 PM

Valid to:

6/17/2015 2:20:17 PM

Subject:

E=Alexey.kurilenko@hotmail.com, CN=Alexey Kurilenko, O=Alexey Kurilenko, C=RU

Issuer:

CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

15D51642691B3EE20985639A8FE865DD

File PE Metadata

Compilation timestamp:

7/21/2014 5:07:04 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:tXb51PrYcO1leViBaKssN+TE9C3ZWuG11oRW:tX7Pr6lewBaKssgTEk43H

Entry address:

0x178DE

Entry point:

E8, 9F, 7D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, DE, 42, 00, E8, FC, 0D, 00, 00, E8, 2E, 04, 00, 00, 0F, B7, F0, 6A, 02, E8, 32, 7D, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

136.5 KB (139,776 bytes)

Remove dahonet news 1.3.exe.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.