idemos_windows.exe

Tanja Matkovic

The application idemos_windows.exe by Tanja Matkovic has been detected as adware by 8 anti-malware scanners. It is a setup program used to install the application. During download and setup the installer bundles multiple adware offers (selected by the user's geographical location), including toolbars, browser extensions and coupon utilities. The file has been observed being downloaded from www.ft-download.com and several other hosts.
Publisher:
Tanja Matkovic (signed and verified)

MD5:
b9749413d363592032e76c03de776fc0

SHA-1:
19e22673015e434412ba7e7e2f149ede26208c48

SHA-256:
b56dbd05066daf3469e01d1c17c5b958bd8b65b5ec7f82847f1897fa494dbfee

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/27/2024 4:13:29 AM UTC

Scan engine             Detection                            Engine version
Dr.Web                  Adware.Yontoo.4                      9.0.1.0359
ESET NOD32              Win32/AdWare.1ClickDownload.AQ       8.9259
Malwarebytes            PUP.Optional.OneClickDownloader.A    v2013.12.25.12
McAfee                  Artemis!B9749413D363                 5600.7255
Reason Heuristics       PUP.TanjaMatkovic.O                  14.3.29.10
Rising Antivirus        NS:Malware.Install!1.9F21            23.00.65.14107
Trend Micro House Call  TROJ_GEN.F47V1217                    7.2.359
VIPRE Antivirus         CoolMirage Ltd                       25184

File size:
309.6 KB (317,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\idemos_windows.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2013 12:00:00 AM

Valid to:
5/1/2014 11:59:59 PM

Subject:
CN=Tanja Matkovic, OU=Individual Developer, O=No Organization Affiliation, L=Subotica, S=Subotica, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A3131F81D52E40A00F4396C56D649C5

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:hsk7rZT/heQdJQjeUlopFCWr62JAyWEIAi/cbU5S/20my:rrZTpN9tpFFWE83S/20j

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Code size:
23 KB (23,552 bytes)

The file idemos_windows.exe has been observed being distributed from the following 8 URLs.

http://www.ft-download.com/.../Team_Umizoomi-S1xE16_Playground_Heroes.exe

http://www.ft-download.com/.../Monty.Python.Live.at.the.Hollywood.Bowl.1982.DVDRip.XviD-MDX.exe

http://www.ft-download.com/.../QbjaybnqFrghc.exe

http://www.ft-download.com/.../Readiris_Pro_11_6_3_SN_dmg___crack___keygen.exe

http://www.ft-download.com/.../Idemos_Windows.exe

Remove idemos_windows.exe - Powered by Reason Core Security