home

googlechromestablev35.0.1916.114finaltã¼r.exe

Setup

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

The application googlechromestablev35.0.1916.114finaltã¼r.exe, “WesternDigital Setup” by Dey yazilim ve internet hizmetleri san. tic. ltd. sti has been detected as adware by 16 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from ultrauploadshare.com.
Publisher:
WesternDigital  (signed by Dey yazilim ve internet hizmetleri san. tic. ltd. sti.)

Product:
Setup

Description:
WesternDigital Setup

Version:
1.1.2.0

MD5:
6c371c4163d89eced4f8c24af074e1f5

SHA-1:
926525a94af8f10744395fe5882a5c0917322dd1

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
5/7/2024 12:33:02 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/Joedown.476888
7.11.214.252

AVG
Generic
2016.0.3175

Dr.Web
Trojan.KillFiles.18730
9.0.1.069

ESET NOD32
MSIL/Adware.Joedown (variant)
9.11289

Fortinet FortiGate
Adware/Agent
3/10/2015

G Data
Win32.Application.Agent.A2UHFQ
15.3.25

herdProtect (fuzzy)
variant of gta3p.exe
2015.6.16.9

IKARUS anti.virus
not-a-virus:AdWare.MSIL.Agent
t3scan.1.8.6.0

K7 AntiVirus
Adware
13.200.15197

Kaspersky
not-a-virus:AdWare.MSIL.Agent
14.0.0.2369

McAfee
Artemis!6C371C4163D8
5600.6831

Qihoo 360 Security
Win32/Virus.Adware.73c
1.0.0.1015

Reason Heuristics
PUP.Installer.Amonitize
15.3.10.5

Sophos
Generic PUA JC
4.98

Trend Micro House Call
Suspicious_GEN.F47V0308
7.2.69

VIPRE Antivirus
Trojan.Win32.Generic
38256

File size:
465.7 KB (476,888 bytes)

Product version:
1.1.2.0

Copyright:
WesternDigital

Trademarks:
WesternDigital

Original file name:
WesternDigital.exe

File type:
Executable application (Win32 EXE)

Language:
Yansiz Dil

Common path:
C:\documents and settings\administrator\belgelerim\downloads\programs\googlechromestablev35.0.1916.114finaltã¼r.exe

Digital Signature
Signed by:
Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

Authority:
COMODO CA Limited

Valid from:
3/12/2014 2:00:00 AM

Valid to:
3/13/2015 1:59:59 AM

Subject:
CN=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., O=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., STREET=kuloglu mah alyon gecidi sok, STREET=beyoglu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD3AA42CD883A6D47CC56CDA9837EB85

File PE Metadata
Compilation timestamp:
3/7/2015 10:51:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:kqS/J1s0ldUmx/bLbYnwch3SoMGsgL7GZOsLa30hTbY5BYUy:kqS/J1sGdUmx/bwnwcco/nGZY09L

Entry address:
0x6387E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
390.5 KB (399,872 bytes)

The file googlechromestablev35.0.1916.114finaltã¼r.exe has been seen being distributed by the following URL.

http://ultrauploadshare.com/downloader.aspx?s=2&filename=wolfteamenvanterhackwolfhack201&p=

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.