kduxtilunrb.exe

Crime Watch

Great Apps

This file is part of an adware program designed to inject advertising into the web browser (banners, text links) and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The application kduxtilunrb.exe by Great Apps has been detected as adware by 9 anti-malware scanners.
Publisher:
Great Apps  (signed and verified)

Product:
Crime Watch

Description:
CrimeWatch

Version:
1.0.0.0

MD5:
2ba96d320f98523576b135d3bd74d684

SHA-1:
c53fa3e655e344c77f5babe52ec5df85134ed3f1

SHA-256:
4efad22d80308e360612b1410eff34147bcec4726022ed93d68174e5a2c51e57

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/24/2024 12:27:49 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2016.0.3136 |
| Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.15418 |
| Dr.Web | Adware.Yontoo.68 | 9.0.1.05190 |
| ESET NOD32 | MSIL/Adware.PullUpdate.N.gen application | 7.0.302.0 |
| Kaspersky | not-a-virus:AdWare.MSIL.PullUpdate | 15.0.0.543 |
| Malwarebytes | PUP.Optional.CrimeWatch.A | v2015.04.18.09 |
| Reason Heuristics | Threat.Injekt.GreatApps | 15.4.18.4 |
| Sophos | Generic PUA MF | 4.98 |
| Trend Micro House Call | TROJ_GEN.R08NH07DI15 | 7.2.108 |

File size:
46.5 KB (47,576 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Great Apps 2015

Original file name:
CrimeWatch.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\application data\lnhbzfxwl\dat\kduxtilunrb.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/16/2015 7:00:00 PM

Valid to:
2/17/2016 6:59:59 PM

Subject:
CN=Great Apps, O=Great Apps, L=St. Michael, S=St. Michael, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
18DA5D77283E42E4EA6279778229FFBA

File PE Metadata
Compilation timestamp:
4/16/2015 10:42:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:VQO6k4i5hADzDn3OC3aToZ31uvWq3jIFaMUl0OlIPa5zonPOSa98EYcxc:V36k4i5Of3OpToZ31jgcFaMUgiGnU9gZ

Entry address:
0xB6EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.6919

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
38 KB (38,912 bytes)
