home

navyki_rebenka.exe

INFORMATSIONNYE TEKHNOLOGII, OOO

The application navyki_rebenka.exe by INFORMATSIONNYE TEKHNOLOGII, OOO has been detected as adware by 18 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from forces.nashyfast.ru.
Publisher:
INFORMATSIONNYE TEKHNOLOGII, OOO  (signed and verified)

MD5:
d85bf21a281726bc3f30423da71b0919

SHA-1:
f56bc5d27d153b28a9b3fbc19a5dbef1a14a8c1d

SHA-256:
e9cc8d965438517fb95682c476155420f39f6f54ff31e9f9e7279eefbf678303

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
4/23/2024 2:56:57 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.LoadMoney.61
1028

AhnLab V3 Security
Adware/Win32.LoadMoney
2014.02.19

Avira AntiVirus
TR/Crypt.XPACK.Gen
7.11.132.158

AVG
Win32/Cryptor
2015.0.3506

Bitdefender
Gen:Variant.Application.LoadMoney.61
1.0.20.510

Dr.Web
Trojan.LoadMoney.15
9.0.1.0102

Fortinet FortiGate
Riskware/LMN
4/12/2014

F-Secure
Gen:Variant.Application.LoadMoney
11.2014-12-04_7

G Data
Gen:Variant.Application.LoadMoney.61
14.4.24

K7 AntiVirus
Trojan
13.176.11205

Malwarebytes
PUP.Optional.LoadMoney
v2014.04.12.01

McAfee
Downloader-FWY!D85BF21A2817
5600.7162

MicroWorld eScan
Gen:Variant.Application.LoadMoney.61
15.0.0.306

Norman
Kryptik.CDIC
11.20140412

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.14410

Vba32 AntiVirus
Malware-Cryptor.Limpopo
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic.pak!cobra
26624

File size:
144 KB (147,416 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\navyki_rebenka.exe

Digital Signature
Signed by:
INFORMATSIONNYE TEKHNOLOGII, OOO

Authority:
COMODO CA Limited

Valid from:
1/24/2014 6:00:00 AM

Valid to:
1/25/2015 5:59:59 AM

Subject:
CN="INFORMATSIONNYE TEKHNOLOGII, OOO", O="INFORMATSIONNYE TEKHNOLOGII, OOO", STREET="4-6 str. 3, per. Nikoloyamski", L=Moscow, S=Moscow region, PostalCode=109004, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4D9D81FB1247142AE81FF73D60F97FD3

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:0NUJuBl6LrCzEOrbhx6EuoZz61go2BkJhOUvwrhUN9Pac:0ZlArCr7DzlorDv

Entry address:
0x1000

Entry point:
E9, 6F, 9F, 01, 00, C3, 8B, C0, C3, 8D, 40, 00, FF, 25, 24, 00, 42, 00, B8, 08, 10, 40, 00, C3, 55, 8B, EC, 81, C4, 4C, FF, FF, FF, C7, 05, BF, 00, 42, 00, 0B, 61, 01, 00, 89, 05, 05, 01, 42, 00, 89, 35, 8D, 00, 42, 00, 89, 0D, A6, 00, 42, 00, B8, 4E, 01, 00, 00, C7, 45, FC, F0, 39, 01, 00, A1, 18, 19, 42, 00, 89, 45, F8, C7, 45, F4, 1D, 00, 00, 00, 8B, 45, F4, 50, 8B, 45, F8, 50, 8B, 45, FC, 50, E8, 47, 06, 00, 00, 85, C0, 74, 0C, 89, 4C, 24, E4, 29, 15, 6C, 00, 42, 00, 89, C6, 89, 0D, 39, 00, 42, 00, 01...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
104.5 KB (107,008 bytes)

The file navyki_rebenka.exe has been seen being distributed by the following URL.

http://forces.nashyfast.ru/NTY7aHR0cCUzQSUyRiUyRnMyLmZpbGUtc3BhY2Uub3JnJTJGZG93biUyRkNCdjd5aVdCVXIlMkYxMzkyODE4MzczJTJGd2VLNDdGbjlfdzlTSUpJNklGczJQQSUyRjIyOTklMkYwJTJGMjI5OSUyRk5hdnlraV9yZWJlbmthLnJhcjtkb3dubG9hZGVyTmF2eWtpX3JlYmVua2EucmFyO3JhcjsxMjAyNDgxNA==

Remove navyki_rebenka.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.