kelebeginruyasi_7537_il613042-ucretsizmp3.com.exe

The application kelebeginruyasi_7537_il613042-ucretsizmp3.com.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.exekur.com.
Version:
1.1.5.90

MD5:
7df37eb92150bb08d2bfed3891a270f4

SHA-1:
a770c96707eaf076fece9bed0938697554fe9e5b

SHA-256:
14ef25bc5f7e193b83d2b8380e70f9d5b79308f119d2673f6d1699bbf8e48b45

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 3:12:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1649166 | 994 |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| Avira AntiVirus | TR/Rogue.1348096 | 7.11.145.160 |
| Bitdefender | Trojan.GenericKD.1649166 | 1.0.20.680 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1649166 | 8.14.05.16.12 |
| Fortinet FortiGate | Adware/Amonetize | 5/16/2014 |
| F-Secure | Trojan.GenericKD.1649166 | 11.2014-16-05_6 |
| G Data | Trojan.GenericKD.1649166 | 14.5.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.176.11907 |
| Kaspersky | not-a-virus:AdWare.Win32.Amonetize | 14.0.0.3857 |
| McAfee | Artemis!7DF37EB92150 | 5600.7128 |
| MicroWorld eScan | Trojan.GenericKD.1649166 | 15.0.0.408 |
| nProtect | Trojan.GenericKD.1649166 | 14.04.27.01 |
| Qihoo 360 Security | Win32/Virus.Adware.932 | 1.0.0.1015 |
| Trend Micro House Call | TROJ_GEN.R047H07DL14 | 7.2.136 |

File size:
1.3 MB (1,348,096 bytes)

Product version:
1.1.5.90

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\kelebeginruyasi_7537_il613042-ucretsizmp3.com.exe

File PE Metadata
Compilation timestamp:
4/19/2014 6:10:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:HvXP37FiUkC9FWNIxnSGjWmQvp/JKE7Sv063jO5V7SYpaTS9DTn:fF+GKp/cvZ3jOcO9vn

Entry address:
0x1660

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, 8C, 60, 4A, 00, A1, 7F, 60, 4A, 00, C1, E0, 02, A3, 83, 60, 4A, 00, 52, 6A, 00, E8, 3F, 3B, 0A, 00, 8B, D0, E8, 56, 5E, 09, 00, 5A, E8, 78, 5D, 09, 00, E8, 8B, 5E, 09, 00, 6A, 00, E8, 60, 6F, 09, 00, 59, 68, 28, 60, 4A, 00, 6A, 00, E8, 19, 3B, 0A, 00, A3, 87, 60, 4A, 00, 6A, 00, E9, CF, F2, 09, 00, E9, 92, 6F, 09, 00, 33, C0, A0, 71, 60, 4A, 00, C3, A1, 87, 60, 4A, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, E4, 00, 00, 00, 0B, C9...
 

Code size:
660 KB (675,840 bytes)

The file kelebeginruyasi_7537_il613042-ucretsizmp3.com.exe has been seen being distributed by the following URL.