home

montgomery202014gpdf.exe

Protected Downloader

Zugara Investments Limited

The application montgomery202014gpdf.exe, “Protected Downloader Setup ” by Zugara Investments Limited has been detected as adware by 10 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from suggestor.pirrit.com.
Publisher:
Zugara Investments Limited   (signed by Zugara Investments Limited)

Product:
Protected Downloader

Description:
Protected Downloader Setup

MD5:
b3a798dc3477b1736e89416da0ecdaf8

SHA-1:
7b88f5d9e0a2e1af75810df3b2b5f0b859d5eab6

SHA-256:
9dd3d66c7c5799a2fe48bba4ad6b1beea30e5f485e3d93ff937ec25380411427

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
4/26/2024 5:51:46 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Zugara.boeb
8.3.1.6

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.Zugara.BA
22374

Dr.Web
Adware.Downware.6417
9.0.1.05190

ESET NOD32
Win32/VMDetect.E potentially unwanted application
7.0.302.0

G Data
Win32.Adware.Zugara
15.6.25

IKARUS anti.virus
PUA.VMDetect
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.204.16151

Reason Heuristics
PUP.Installer.ZugaraInvestments
15.6.7.20

VIPRE Antivirus
Threat.4150696
40828

File size:
1.2 MB (1,223,760 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\montgomery202014gpdf.exe

Digital Signature
Signed by:
Zugara Investments Limited

Authority:
COMODO CA Limited

Valid from:
7/9/2014 8:00:00 PM

Valid to:
7/10/2015 7:59:59 PM

Subject:
CN=Zugara Investments Limited, O=Zugara Investments Limited, STREET=Naousis 1, STREET="Karapatakis Building, Suite 2, 4th floor", L=Larnaca, S=Larnaca, PostalCode=6018, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0F61CE2AF8431A752FBA5F8EC235BDB0

File PE Metadata
Compilation timestamp:
1/30/2013 9:21:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:pxGjLiwDOU3uhJbyUUFrlAxRwD6KzLYOcux8eaJOPKlsM:iiUehJbyBlAxRAbNcG8dhK

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
[+]

Entropy:
7.9209

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file montgomery202014gpdf.exe has been seen being distributed by the following URL.

http://suggestor.pirrit.com/.../offers.php?r=1&d=aHR0cCUzQS8vYXBwLnNvcy5reS5nb3YvYmFsbG90cy9NT05UR09NRVJZJTI1MjAyMDE0Ry5wZGY=&n=TU9OVEdPTUVSWSUyNTIwMjAxNEcucGRm

Remove montgomery202014gpdf.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.