» monopoly font font.exe
Overview
Analysis
File Details
Downloads (1)

monopoly font font.exe

The application monopoly font font.exe has been detected as a potentially unwanted program by 41 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from skipperking.info.

File name:

MD5:

27a219a2c4b8c7f467a8ce96afb6e89e

SHA-1:

641eacb424db015f4d1783f3977c1c77c3d9720e

SHA-256:

2f0391aac1149906b013b59498843a0a6c64b10c23a2191d637dcb001c5078d6

Scanner detections:

41 / 68

Status:

Potentially unwanted

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/26/2024 11:48:11 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.MPlug.29

6505014

Agnitum Outpost

Win32.Ramnit.Gen.3

7.1.1

AhnLab V3 Security

Win32/Ramnit.B

2015.01.26

Avira AntiVirus

W32/Ramnit.A

7.11.205.14

avast!

Win32:MultiPlug-OZ [PUP]

150101-1

AVG

Adware Generic6.JUD

2014.0.4257

Baidu Antivirus

Virus.Win32.Nimnul.$a

4.0.3.1521

Bitdefender

Win32.Ramnit

1.0.20.160

Bkav FE

W32.RammitNNA.PE

1.3.0.6379

Clam AntiVirus

W32.Ramnit-1

0.98/19978

Comodo Security

Virus.Win32.Ramnit.A

20845

Dr.Web

Trojan.Crossrider1.9353

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.MPlug.29

9.0.0.4799

ESET NOD32

Win32/Adware.MultiPlug.ED application

7.0.302.0

Fortinet FortiGate

W32/Ramnit.C

2/1/2015

F-Prot

W32/Ramnit.B

v6.4.6.5.141

F-Secure

Gen:Variant.Adware.MPlug.29

5.13.68

G Data

Win32.Ramnit

15.2.24

IKARUS anti.virus

not-a-virus:AdWare.MultiPlug

t3scan.1.8.6.0

K7 AntiVirus

Virus

13.192.14746

Kaspersky

Virus.Win32.Nimnul

14.0.0.2554

Malwarebytes

Virus.Ramnit

v2015.02.01.05

McAfee

W32/Ramnit.a

5600.6868

Microsoft Security Essentials

Threat.Undefined

1.191.3234.0

MicroWorld eScan

Win32.Ramnit

16.0.0.96

NANO AntiVirus

Virus.Win32.Nimnul.bpchjo

0.30.0.64812

Norman

Win32.Ramnit

11.20150201

nProtect

Win32.Ramnit

15.01.23.01

Panda Antivirus

W32/Cosmu.gen

15.02.01.05

Qihoo 360 Security

Virus.Win32.Ramnit.B

1.0.0.1015

Quick Heal

W32.Ramnit.A

2.15.14.00

Reason Heuristics

Threat.Win.Reputation.IMP

15.2.1.5

Rising Antivirus

PE:Win32.Ramnit.a!1590234

23.00.65.15130

Sophos

Virus 'W32/Patched-I'

Total Defense

Win32/Ramnit.A

37.0.11404

Trend Micro House Call

PE_RAMNIT.H

7.2.32

Trend Micro

PE_RAMNIT.H

10.465.01

Vba32 AntiVirus

Virus.Win32.Nimnul.a

3.12.26.3

VIPRE Antivirus

Threat.4726519

36666

ViRobot

Win32.Ramnit.E[h]

2014.3.20.0

Zillya! Antivirus

Virus.Nimnul.Win32.2

2.0.0.2045

File size:

1.3 MB (1,349,120 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\monopoly font font.exe

File PE Metadata

Compilation timestamp:

8/17/2013 1:58:16 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:EU9KOZr4J7yByQgSdrooJz/FuR1MpFMCpYT6BA+U5xghbfq:99KOZkZzQjzzN4qFMhuUQh

Entry address:

0x1749C

Entry point:

E8, 1B, 39, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, B5, 45, 00, E8, 4E, 11, 00, 00, E8, E8, 3A, 00, 00, 0F, B7, F0, 6A, 02, E8, AE, 38, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C2, 09, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

340.5 KB (348,672 bytes)

The file monopoly font font.exe has been seen being distributed by the following URL.

http://skipperking.info/hp/?q=KuJpi6DOTrEKTYSUMOHqfZuroFBOKjYtgdzoWvbh6319R2oEF10Fkba/f2GzgP iMWEgz5DXNvKryAfWJGfrmjwpoxB 7sbO/AxZmczCnJqM3f8asiBBBLg 3o ISWABkbXVFlT3lKxYy8IOlSYW pqaD8hW04twypxj8XGA2f26gGoqM Cb7d2m/r6Xdm689rwpr49dFEDlhKEfq10lVkTWrVMySiS977wnI 4 oeaThS5yfnvfPNiwowJA3Jium3tInhPfVRGBUn7Eppet1mpTAYmq9N8AyW5y6P4UC0EzsW0UEWBZJTQuo/RITpLN2h0OmMIzIGLLnVjvAhukEUOWyEKBrai/3E0k/5QjgI/kZPNHGBEw/1CSmrhf9rvJXVYkXVY/qlnMtTo/m7Ss/JD5ZYUD22L5KjMpM4nPVkWqk8AXj55HeGa2nOgFOWFZ9gxsIEY9DjC/J6JXBEIEbdj /h6p5toc9uXKxr63j4gMYr3lyGFl pXpxQ7XB7zUxovrRir0fI6ssfGtjit2FY5Yvm2n3bBuhlYEvnd2VO9c5UbZe0poBcg7b3vGePbVpKo l8t9VUmeslZu0dblrs962C5Riqza7h7mrpUWwXsGY6NInHTK4xT7YeSZ0yrvGaog/.../nOf9f2PO4TvaZuTu5f&external_id=1422095163628479323

Remove monopoly font font.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.