gazoz hacks.exe

Planeta ITOOO

The application gazoz hacks.exe by Planeta ITOOO has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from mediadisk.net.
Publisher:
Planeta ITOOO  (signed and verified)

MD5:
9b36399dd661ec7f3aae8beb31c3bb51

SHA-1:
8169eaed95313740d53638bc83907a882a43debd

SHA-256:
761653f2f206565bcdaaa8230b48fc44ec9ed37a12a16bf20ab58417ea98084b

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
5/6/2025 6:38:30 PM UTC  (today)

Scan engine        Detection                                 Engine version
avast!             Win32:Adware-gen [Adw]                    160518-2
Dr.Web             Trojan.LoadMoney.1440                     9.0.1.05190
ESET NOD32         Win32/Adware.LoadMoney.AWD application    8.0.319.0
Kaspersky          not-a-virus:Downloader.Win32.LMN          15.0.0.562
Reason Heuristics  PUP.PlanetaI (M)                          16.5.23.15

File size:
493.5 KB (505,336 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\gazoz hacks.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/25/2016 2:00:00 AM

Valid to:
3/26/2017 1:59:59 AM

Subject:
CN="""Planeta IT""OOO", O="""Planeta IT""OOO", STREET=40 ul.Gorkogo, L=Vladimir, S=Vladimirskaya obl., PostalCode=600017, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7E4FCBC86A9FD9C16016F3E945A87C06

File PE Metadata
Compilation timestamp:
5/19/2016 7:34:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:WkOrVaYfzr3wBaX49nOiE3r+qNnzIWDkQoH7r:WFZz/gaXWnbE3CqnEWDrs3

Entry address:
0x1120

Entry point:
55, 8B, EC, 81, EC, A8, 07, 00, 00, 53, 56, 57, C6, 85, 01, FF, FF, FF, 3E, 68, 3B, 11, 40, 00, C3, 33, F2, 8D, 12, EB, 06, 81, EF, D9, 8B, DF, 12, 87, C9, C7, 85, E8, FD, FF, FF, 03, 00, 00, 00, 8B, 85, E8, FD, FF, FF, 83, C0, 0C, 89, 85, E8, FD, FF, FF, 81, BD, E8, FD, FF, FF, 5C, 11, 00, 00, 76, 02, EB, 14, 68, 7C, 40, 47, 00, FF, 15, 54, 11, 47, 00, B9, 01, 00, 00, 00, 85, C9, 75, CF, 6A, 00, FF, 15, A0, 15, 47, 00, 6A, 00, FF, 15, 50, 11, 47, 00, 8B, 95, 88, FD, FF, FF, C1, E2, 47, 89, 95, C0, FD, FF...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
444.5 KB (455,168 bytes)

The file gazoz hacks.exe has been seen being distributed by the following URL.
