_dual monitors_zombie_115304_dual_monitors_zombie.jpg.exe

Downloadious

The application _dual monitors_zombie_115304_dual_monitors_zombie.jpg.exe by Downloadious has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from wallpaperbackgrounds.com.
Publisher:
Downloadious (signed and verified)

MD5:
b8de4280a56d577daf7ece729c0c2a35

SHA-1:
9c1c511397a7bfd203d682140f94fa09bbb368af

SHA-256:
d0e3843c3e18906f43738992991b8f5afc882c55a4ba1483e878a9cb1558facd

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
4/25/2024 11:32:50 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Agent | 7.1.1
avast! | Win32:Adware-gen [Adw] | 2014.9-150416
AVG | Generic | 2016.0.3137
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Trojan.11906039 | 0.98/21511
Dr.Web | Adware.Downware.9609 | 9.0.1.0106
ESET NOD32 | Win32/AdGazelle.F potentially unwanted application | 9.7.0.302.0
K7 AntiVirus | Unwanted-Program | 13.203.15658
NANO AntiVirus | Riskware.Win32.AdGazelle.dnrzqg | 0.30.20.1219
Reason Heuristics | Threat.Installer.Downloadious | 15.4.16.19
Total Defense | Win32/Tnega.VUDUGN | 37.1.62.1
VIPRE Antivirus | Threat.4371328 | 39354

File size:
571.9 KB (585,672 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\_dual monitors_zombie_115304_dual_monitors_zombie.jpg.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
1/12/2015 6:35:38 PM

Valid to:
10/17/2015 2:14:29 PM

Subject:
CN=Downloadious, O=Downloadious, L=San Diego, S=California, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
14C96493466331C1

File PE Metadata
Compilation timestamp:
4/9/2015 7:43:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:e/P1ioacOSaGanr/x9WdKTiWDj562UV0ov89beQsxDOHHNK6:eH1icO/rJfiW356j0C80Eh

Entry address:
0x35B7

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, E0, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B4, 82, 40, 00, 6A, 08, A3, F8, 05, 47, 00, E8, 62, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 00, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 24, 86, 40, 00, FF, 15, 84, 81, 40, 00, 68, 0C, 86, 40, 00, 68, 00, 85, 46, 00, E8, 32, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, 00, 10, 4C, 00, 57, E8, 20, 26, 00, 00...

Entropy:
7.9474

Packer / compiler:
Nullsoft install system v2.x

Code size:
26 KB (26,624 bytes)

The file _dual monitors_zombie_115304_dual_monitors_zombie.jpg.exe has been seen being distributed by the following URL.