dl.exe

PDA Distribution LLC

The application dl.exe by PDA Distribution has been detected as adware by 30 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from forces.mylowenburg.ru.
Publisher:
PDA Distribution LLC  (signed and verified)

MD5:
434fcd1196d3516237a99c4239a9d752

SHA-1:
5a7cdb4a9af70b86a530cb76abdc9ecc668fae7f

SHA-256:
1f94c8643aacf284381d44366dac950bcb8c1f75e3e8922acfd2202d5cf46443

Scanner detections:
30 / 68

Status:
Adware

Analysis date:
4/23/2024 11:06:29 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.356345 | 920 |
| Agnitum Outpost | PUA.LoadMoney | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2014.07.31 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| avast! | Win32:LoadMoney-EH [PUP] | 140617-1 |
| AVG | Generic_r | 2015.0.3398 |
| Bitdefender | Gen:Variant.Kazy.356345 | 1.0.20.1055 |
| Comodo Security | ApplicUnwnt.Win32.Hoax.ArchSMS.BMPC | 19024 |
| Dr.Web | Trojan.LoadMoney.240 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.356345 | 8.14.07.30.09 |
| ESET NOD32 | Win32/LoadMoney.GM potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W32/Obfuscated.G!tr | 7/30/2014 |
| F-Prot | W32/A-46411d15 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.356345 | 11.2014-30-07_4 |
| G Data | Gen:Variant.Kazy.356345 | 14.7.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.181.12872 |
| Kaspersky | not-a-virus:Downloader.Win32.LMN | 14.0.0.3483 |
| Malwarebytes | PUP.Optional.Downloader | v2014.07.30.09 |
| McAfee | Generic Obfuscated.g | 5600.7054 |
| MicroWorld eScan | Gen:Variant.Kazy.356345 | 15.0.0.633 |
| NANO AntiVirus | Trojan.Win32.LoadMoney.cvzecu | 0.28.2.61148 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.30.09 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.PDADistribution.C | 14.7.27.14 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14728 |
| Sophos | Troj/LdMon-E | 4.98 |
| Total Defense | Win32/ArchSMS.MMPIPOD | 37.0.11089 |
| Vba32 AntiVirus | BScope.Trojan.TDSS.1112 | 3.12.26.3 |
| VIPRE Antivirus | Threat.4894961 | 31208 |

File size:
329.9 KB (337,808 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dl.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
3/5/2014 8:00:00 AM

Valid to:
3/6/2015 7:59:59 AM

Subject:
CN=PDA Distribution LLC, O=PDA Distribution LLC, L=Moscow, S=Moscow region, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
073734171C2AD1B60C674267620A6C93

File PE Metadata
Compilation timestamp:
3/23/2014 7:07:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
41.22

CTPH (ssdeep):
6144:VF4mRcRS4v/MDyaNrYdOTNQ35tVc6c9uL3FHnXdUWHVaNFwj+Xux//qljvd1w1pt:VBOEM/MVrYATNATBcuXMy+Xux/gTdCDd

Entry address:
0x4727

Entry point:
55, 8B, EC, 51, A1, AC, 15, 45, 00, 83, C0, 01, A3, AC, 15, 45, 00, 8B, 4D, FC, 89, 0D, 9C, 15, 45, 00, 8B, 15, B0, 15, 45, 00, 03, 55, FC, 89, 15, B0, 15, 45, 00, A1, C8, 15, 45, 00, 83, C0, 01, A3, C8, 15, 45, 00, 8B, 0D, AC, 15, 45, 00, 83, E9, 01, 89, 0D, AC, 15, 45, 00, 8B, 15, 98, 15, 45, 00, 2B, 15, A4, 15, 45, 00, 89, 15, 98, 15, 45, 00, A1, AC, 15, 45, 00, 03, 05, AC, 15, 45, 00, A3, AC, 15, 45, 00, 8B, 0D, 60, 16, 45, 00, 51, 8B, 15, 74, 16, 45, 00, 52, A1, 6C, 16, 45, 00, 50, 8B, 0D, 68, 16, 45...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
310 KB (317,440 bytes)

The file dl.exe has been seen being distributed by the following URL.
