grand theft auto ivlicenziya 1c 1s eng rus l.exe

PDA Distribution LLC

The application grand theft auto ivlicenziya 1c 1s eng rus l.exe by PDA Distribution has been detected as adware by 29 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from forces.mylowenburg.ru.
Publisher:
PDA Distribution LLC  (signed and verified)

MD5:
b84305da14e15846bfd1cb0dfd1b768b

SHA-1:
ecad427ca7cc525070c50ce3b893aae5317a05f1

SHA-256:
26909482084abb7fc47bfcc167ef5dd113da3672656d19fd98925db51194cda0

Scanner detections:
29 / 68

Status:
Adware

Analysis date:
4/25/2024 12:36:33 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.356175 | 920 |
| Agnitum Outpost | PUA.LoadMoney | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2014.07.31 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| avast! | Win32:LoadMoney-EH [PUP] | 140617-1 |
| AVG | Generic_r | 2015.0.3398 |
| Bitdefender | Gen:Variant.Kazy.356175 | 1.0.20.1055 |
| Comodo Security | ApplicUnwnt.Win32.Hoax.ArchSMS.BMPC | 19024 |
| Dr.Web | Trojan.LoadMoney.240 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.356175 | 8.14.07.30.09 |
| ESET NOD32 | Win32/LoadMoney.GM potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W32/Obfuscated.G!tr | 7/30/2014 |
| F-Prot | W32/A-ff872b11 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.356175 | 11.2014-30-07_4 |
| G Data | Gen:Variant.Kazy.356175 | 14.7.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.181.12872 |
| Kaspersky | not-a-virus:Downloader.Win32.LMN | 14.0.0.3483 |
| McAfee | Generic Obfuscated.g | 5600.7054 |
| MicroWorld eScan | Gen:Variant.Kazy.356175 | 15.0.0.633 |
| NANO AntiVirus | Trojan.Win32.LoadMoney.cvzecu | 0.28.2.61148 |
| Norman | Kelihos.TJU | 11.20140730 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.30.09 |
| Reason Heuristics | PUP.PDADistribution.m | 14.7.27.14 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14728 |
| Sophos | Mal/LdMon-B | 4.98 |
| Total Defense | Win32/ArchSMS.MMPIPOD | 37.0.11089 |
| Vba32 AntiVirus | BScope.Trojan.TDSS.1112 | 3.12.26.3 |
| VIPRE Antivirus | Threat.4894961 | 31208 |

File size:
314.9 KB (322,448 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\grand theft auto ivlicenziya 1c 1s eng rus l.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
3/5/2014 8:00:00 AM

Valid to:
3/6/2015 7:59:59 AM

Subject:
CN=PDA Distribution LLC, O=PDA Distribution LLC, L=Moscow, S=Moscow region, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
073734171C2AD1B60C674267620A6C93

File PE Metadata
Compilation timestamp:
3/23/2014 7:07:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
41.22

CTPH (ssdeep):
6144:bF4mRczp74abp07iJJrPVzf44IrfDclRfDvQSFubgbAdBkH+os1Gp:bBOzeabpdJrdzQhfQLQSI0AdOH+oDp

Entry address:
0x4727

Entry point:
55, 8B, EC, 51, A1, AC, 15, 45, 00, 83, C0, 01, A3, AC, 15, 45, 00, 8B, 4D, FC, 89, 0D, 9C, 15, 45, 00, 8B, 15, B0, 15, 45, 00, 03, 55, FC, 89, 15, B0, 15, 45, 00, A1, C8, 15, 45, 00, 83, C0, 01, A3, C8, 15, 45, 00, 8B, 0D, AC, 15, 45, 00, 83, E9, 01, 89, 0D, AC, 15, 45, 00, 8B, 15, 98, 15, 45, 00, 2B, 15, A4, 15, 45, 00, 89, 15, 98, 15, 45, 00, A1, AC, 15, 45, 00, 03, 05, AC, 15, 45, 00, A3, AC, 15, 45, 00, 8B, 0D, 60, 16, 45, 00, 51, 8B, 15, 74, 16, 45, 00, 52, A1, 6C, 16, 45, 00, 50, 8B, 0D, 68, 16, 45...
 
Developed / compiled with:
Microsoft Visual C++

Code size:
310 KB (317,440 bytes)

The file grand theft auto ivlicenziya 1c 1s eng rus l.exe has been seen being distributed by the following URL.