konuwindows81update1proturkce3264bitm_10205.exe

Setup

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

The application konuwindows81update1proturkce3264bitm_10205.exe by Dey yazilim ve internet hizmetleri san. tic. ltd. sti. has been detected as adware by 12 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.

Publisher:
Microsoft  (signed by Dey yazilim ve internet hizmetleri san. tic. ltd. sti.)

Product:
Setup

Version:
1.0.0.0

MD5:
cf53a1d3c2523d98aef13e88438adc41

SHA-1:
4ce047e1a6bf112034a8f8a3b2ea7bda9144064e

SHA-256:
d3e1b4df405585372e8eeb31d9596dc171b50e8a89c882421130289eb76bb8b0

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
4/19/2024 10:21:40 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/Agent.568536 | 7.11.196.48
AVG | Generic | 2015.0.3257
Comodo Security | ApplicUnwnt | 20390
ESET NOD32 | MSIL/Adware.Joedown (variant) | 8.10887
Fortinet FortiGate | Adware/Agent | 12/17/2014
Kaspersky | not-a-virus:AdWare.MSIL.Agent | 14.0.0.2782
McAfee | Artemis!CF53A1D3C252 | 5600.6913
Panda Antivirus | Generic Suspicious | 14.12.17.03
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Installer.Amonitize | 15.2.14.11
Sophos | Generic PUA EM | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1215 | 7.2.351

File size:
555.2 KB (568,536 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2014

Trademarks:
Microsoft

Original file name:
SetupFull.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\programs\konuwindows81update1proturkce3264bitm_10205.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/12/2014 2:00:00 AM

Valid to:
3/13/2015 1:59:59 AM

Subject:
CN=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., O=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., STREET=kuloglu mah alyon gecidi sok, STREET=beyoglu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD3AA42CD883A6D47CC56CDA9837EB85

File PE Metadata
Compilation timestamp:
12/15/2014 5:06:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:TS/J1s0ldUmx/bLbYnwch3SoMGsgL7GZOsLa30hTbWPMGsgL7GI:TS/J1sGdUmx/bwnwcco/nGZY09S/nGI

Entry address:
0x62D6E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
387.5 KB (396,800 bytes)