home

discountfrenzy.exe

Klfjtz

Ztrxqzsfugh

The application discountfrenzy.exe has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from vzbucket.appscion.com.
Publisher:
Ztrxqzsfugh

Product:
Klfjtz

Description:
Krngjszygnmbwi

Version:
1.0.0.0

MD5:
69c06675da64b22c6d5a0df307eeabd7

SHA-1:
3ed92fac3be07f3fc67fd5b6b5021fb381267cae

SHA-256:
10c7f968953574f129ad26f5c33acc26d3603e95e4ac04d11aadac15ca9ba557

Scanner detections:
13 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
5/1/2024 2:46:25 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.MulDrop
2014.03.04

Baidu Antivirus
Trojan.Win32.ScrambleWrapper
4.0.3.14517

Bkav FE
HW32.CDB
1.3.0.4959

Dr.Web
Trojan.Crossrider.41
9.0.1.0137

ESET NOD32
Win32/Packed.ScrambleWrapper
8.9495

K7 AntiVirus
Trojan
13.176.11322

McAfee
Artemis!69C06675DA64
5600.7128

NANO AntiVirus
Trojan.Win32.Generic.ctnytf
0.28.0.58101

Norman
Troj_Generic.SPQYV
11.20140517

Reason Heuristics
PUP.Downloader.Ztrxqzsfugh.O
14.5.17.5

Sophos
Generic PUA DO
4.98

Trend Micro House Call
TROJ_GEN.R047H05BD14
7.2.137

VIPRE Antivirus
Adware.Crossid
27044

File size:
4.4 MB (4,588,989 bytes)

Copyright:
Pteqdhwlzt

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\discountfrenzy.exe

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:nNVFx0pnTHMnngEXxtFXFmb6O7d4xqrnPzKjr48YHk0jiP7uk/XKII9bVVVcU:NyGng2HxqrnPzqdYHk0GP7uWXJI9bVVT

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file discountfrenzy.exe has been seen being distributed by the following URL.

http://vzbucket.appscion.com/.../discountfrenzy.exe

Remove discountfrenzy.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.