dokan104.zip.exe

Front Lay

Parimutuel Clouds

The application dokan104.zip.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from forallhomee.com.
Publisher:
Parimutuel Clouds

Product:
Front Lay

Description:
To Violent

Version:
6.2.8.2

MD5:
9f13b32f33427064fd6281693992264d

SHA-1:
677fc9f1a7109d89f0144914c84a609437720fe1

SHA-256:
10f425e400048f96a07d00853f072d2a1076d665e615dda20481a6bd8cebbc52

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 11:08:44 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.CB | 6085893 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2014.12.09 |
| Avira AntiVirus | ADWARE/MultiPlug.Gen7 | 7.11.193.162 |
| avast! | Win32:MultiPlug-CU [PUP] | 141130-1 |
| AVG | Adware Generic5.BHUU | 2014.0.4189 |
| Bitdefender | Application.Bundler.CB | 1.0.20.1710 |
| Comodo Security | Application.Win32.MultiPlug.PNU | 20303 |
| Dr.Web | BackDoor.Andromeda.407 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.CB | 9.0.0.4668 |
| ESET NOD32 | Win32/AdWare.MultiPlug.BS application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.4443501 | 12/8/2014 |
| F-Prot | W32/A-40c0358e | v6.4.7.1.166 |
| F-Secure | Application.Bundler.CB | 11.2014-08-12_2 |
| G Data | Application.Bundler.CB | 14.12.24 |
| IKARUS anti.virus | PUA.Bundler | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.186.14270 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.12.08.08 |
| McAfee | Program.MultiPlug | 16.8.708.2 |
| MicroWorld eScan | Application.Bundler.CB | 15.0.0.1026 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.degcyb | 0.28.6.63850 |
| Norman | Application.Bundler.CB | 04.12.2014 14:30:06 |
| Panda Antivirus | Generic Suspicious | 14.12.08.08 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.08 |
| Vba32 AntiVirus | Downware.MultiPlug.gen | 3.12.26.3 |

File size:
566 KB (579,584 bytes)

Product version:
3.1.2.6

Copyright:
All rights reserved for Parimutuel Clouds LTD.

Original file name:
dokan104.zip.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\dokan104.zip.exe

File PE Metadata
Compilation timestamp:
7/29/2013 6:43:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:iBRrj5ywCelkVAjZjGCJQkG+9/L5dfmw3u9gKtDtYtPW:bJelVZX9NdG9gkDtYt

Entry address:
0x11F35

Entry point:
E8, 90, 3E, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, FF, 41, 00, E8, 85, 0B, 00, 00, E8, 5D, 40, 00, 00, 0F, B7, F0, 6A, 02, E8, 23, 3E, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F0, 04, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.8046  (probably packed)

Code size:
105.5 KB (108,032 bytes)

The file dokan104.zip.exe has been seen being distributed by the following URL.
