» mail.ru_cloud.exe
Overview
Analysis
File Details
Programs (1)
Downloads (2)

mail.ru_cloud.exe

Mail.Ru Cloud

Mail.Ru LLC

The application mail.ru_cloud.exe, “Mail.Ru Cloud Setup ” by Mail.Ru has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program Toolwiz Time Freeze 2014 by ToolWiz. The file has been seen being downloaded from desktopcloud.cdnmail.ru and multiple other hosts.

File name:

mail.ru_cloud.exe

Publisher:

Mail.Ru Group (signed by Mail.Ru LLC)

Product:

Mail.Ru Cloud

Description:

Mail.Ru Cloud Setup

Version:

15.02.0015

MD5:

6eaf8e085f9a52ffc4c3d3c3b7669a09

SHA-1:

e18202c92060c040936a3774479b5fc727ba5828

SHA-256:

e8299c3f22e4ab4b95fc525ec227b43cc7440ce960d546d83bc62bb59bac0e82

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 6:15:17 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3387

Reason Heuristics

Adware.Bundler (M)

16.11.30.20

File size:

7.7 MB (8,092,832 bytes)

Product version:

15.02.0015

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\mail.ru_cloud.exe

Digital Signature

Signed by:

Mail.Ru LLC

Authority:

Thawte, Inc.

Valid from:

2/13/2014 4:00:00 AM

Valid to:

2/14/2016 3:59:59 AM

Subject:

CN=Mail.Ru LLC, O=Mail.Ru LLC, L=Moscow, S=Moscow, C=RU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

5DD9E9143C8285BDFD81029753FE4ED7

File PE Metadata

Compilation timestamp:

1/30/2013 6:21:56 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

196608:8sBWlZ4mxRnLjlMK0bTYXz5JoMv135P+duvUWWMYzK+e:8sBWlZ4intMNKtJoMNpLOMYzK+

Entry address:

0x113BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

63.5 KB (65,024 bytes)

The file mail.ru_cloud.exe has been discovered within the following program.

Toolwiz Time Freeze 2014 by ToolWiz

www.Toolwiz.com

About 1% of users remove it

The file mail.ru_cloud.exe has been seen being distributed by the following 2 URLs.

https://desktopcloud.cdnmail.ru/.../Mail.Ru_Cloud.exe

https://clouddist.cdnmail.ru/Mail.Ru_Cloud.exe

Remove mail.ru_cloud.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.