» f1.2014.co.reloaded_www.digloadz.com.rar.exe
Overview
Analysis
File Details
Downloads (1)

f1.2014.co.reloaded_www.digloadz.com.rar.exe

The application f1.2014.co.reloaded_www.digloadz.com.rar.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.tusfiles.net a web site host known to distribute potentially unwanted software operated by Artur Kozak.

File name:

MD5:

c86a2943d35196f00aae609d8f5f26d2

SHA-1:

cf19013fe34353884578aadca0053f5dd2d7e0b1

SHA-256:

9082a2b5ddbd5674bdc55e845e6b2c99c142571166ddb1f9ecdd1f8e89d31795

Scanner detections:

24 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 7:10:53 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.OYS

6129878

Avira AntiVirus

ADWARE/MultiPlug.Gen7

7.11.195.92

avast!

Win32:MultiPlug-KA [PUP]

141130-1

AVG

Adware Generic_r.VD

2014.0.4189

Bitdefender

Adware.Agent.OYS

1.0.20.1740

Comodo Security

Application.Win32.Multiplug.CT

20364

Dr.Web

Trojan.DownLoader11.38371

9.0.1.05190

Emsisoft Anti-Malware

Adware.Agent.OYS

9.0.0.4668

ESET NOD32

Win32/AdWare.MultiPlug.CT application

7.0.302.0

Fortinet FortiGate

Adware/MultiPlug

12/14/2014

F-Prot

W32/A-7bea42bf

v6.4.7.1.166

F-Secure

Adware.Agent.OYS

5.13.68

G Data

Adware.Agent.OYS

14.12.24

K7 AntiVirus

Unwanted-Program

13.187.14319

Kaspersky

not-a-virus:AdWare.Win32.MultiPlug

15.0.0.543

Malwarebytes

PUP.Optional.MultiPlug

v2014.12.14.09

McAfee

Program.MultiPlug-FRO

16.8.708.2

MicroWorld eScan

Adware.Agent.OYS

15.0.0.1044

NANO AntiVirus

Riskware.Win32.MultiPlug.dfjscb

0.28.6.63850

Norman

Adware.Agent.OYS

04.12.2014 14:30:06

nProtect

Adware.Agent.OYS

14.12.12.01

Sophos

PUA 'MultiPlug' (of type Adware)

5.08

Vba32 AntiVirus

SScope.Adware.MultiPlug

3.12.26.3

Zillya! Antivirus

Adware.MultiPlug.Win32.53941

2.0.0.2005

File size:

895 KB (916,480 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\f1.2014.co.reloaded_www.digloadz.com.rar.exe

File PE Metadata

Compilation timestamp:

4/15/2012 11:53:21 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:qDinVk2njYYZBVNXPsFgkGvwtfskM7yQPc+W4B1a96lENvinqVzJzUMhozoOoLaP:qU1RbNTvi0wTM1a9QKnJzk62ChVmD9

Entry address:

0x29B06

Entry point:

E8, 79, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, A2, 44, 00, E8, E4, 0F, 00, 00, E8, 46, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 0C, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D6, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.7245 (probably packed)

Code size:

199.5 KB (204,288 bytes)

The file f1.2014.co.reloaded_www.digloadz.com.rar.exe has been seen being distributed by the following URL.

http://www.tusfiles.net/mkh8vi5arp03

Remove f1.2014.co.reloaded_www.digloadz.com.rar.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.