» k4vlqvg0.exe
Overview
Analysis
File Details
Downloads (4)

k4vlqvg0.exe

Boiler Room Interactive

The file k4vlqvg0.exe by Boiler Room Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from intva31.corecontroller.info and multiple other hosts.

File name:

k4vlqvg0.exe

Publisher:

Boiler Room Interactive (signed and verified)

MD5:

605855754e00aabbdaeaa7f4e9480374

SHA-1:

239a543533ee5062e261df254f3e1762a949f73a

SHA-256:

d37889e5fc4a2b326abe7d6c6465b7406a11b6ac2912f25fafcd16005366153c

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/17/2024 3:43:23 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ShieldedInstall.Installer

16.3.15.11

File size:

469.3 KB (480,584 bytes)

Common path:

C:\users\{user}\appdata\local\temp\k4vlqvg0.exe.part

Digital Signature

Signed by:

Boiler Room Interactive

Authority:

GoDaddy.com, Inc.

Valid from:

3/8/2016 5:11:39 PM

Valid to:

3/8/2017 5:11:39 PM

Subject:

CN=Boiler Room Interactive, O=Boiler Room Interactive, L=San Francisco, S=California, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00DF23FF57BFFF1CED

File PE Metadata

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:WMU9IamqboR7TPzXMQWAaCyTyPKGTjq67XP4oNMkbRw:W39IamHR7zzXMgyCKGTj97/4oN9bRw

Entry address:

0x47130

Entry point:

55, 8B, EC, 64, 8B, 15, 00, 00, 00, 00, 6A, FF, 68, 34, D1, 46, 00, 68, A8, C0, 44, 00, 52, 64, 89, 25, 00, 00, 00, 00, 83, EC, 08, 50, 53, 56, 57, 89, 65, E8, C7, 45, FC, 00, 00, 00, 00, EB, 1D, FF, 75, EC, E8, 63, 55, 00, 00, 83, C4, 04, C3, 8B, 65, E8, C7, 45, FC, FF, FF, FF, FF, 6A, 01, E8, 2E, 55, 00, 00, E8, 5D, 54, 00, 00, 8B, C4, A3, 7C, 12, 47, 00, E8, 5D, 56, 00, 00, 6A, 00, FF, 15, F4, 1A, 40, 00, A3, 84, 12, 47, 00, E8, 2F, 56, 00, 00, FF, 15, B0, 1A, 40, 00, A3, 80, 12, 47, 00, E8, AF, 59, 00... 
[+]

Entropy:

6.2570

Developed / compiled with:

Microsoft Visual C++

Code size:

315 KB (322,560 bytes)

The file k4vlqvg0.exe has been seen being distributed by the following 4 URLs.

http://intva31.corecontroller.info/dl-pure/1200543/.../?bc=1200543&checksum=85347137&filename=adobe_flash_player.exe&cb=1789985050&hashstring=jb31516&usefilename=true&executableroutePath=1201503&stub=true

http://intva31.corecontroller.info/dl-pure/1200543/.../?bc=1200543&checksum=85254591&filename=adobe_flash_player.exe&cb=-1389464459&hashstring=jb31516&usefilename=true&executableroutePath=1201503&stub=true

http://intva31.corecontroller.info/dl-pure/1200543/.../?bc=1200543&checksum=85364347&filename=adobe_flash_player.exe&cb=1096175785&hashstring=jb31516&usefilename=true&executableroutePath=1201503&stub=true

http://intva31.corecontroller.info/dl-pure/1200543/.../?bc=1200543&checksum=85444121&filename=adobe_flash_player.exe&cb=1120136382&hashstring=jb31516&usefilename=true&executableroutePath=1201503&stub=true

Remove k4vlqvg0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.