password-decryptor-3-12-100-en-win.exe

Asterisk Password Decryptor

Serhiy Horobets

The application password-decryptor-3-12-100-en-win.exe by Serhiy Horobets has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
KRyLack Software  (signed by Serhiy Horobets)

Product:
Asterisk Password Decryptor

Version:
3.12.100

MD5:
2e1fe046a00bc18b472fb684249a55ea

SHA-1:
9baf557195ba8f62143820f06d02fc5771919444

SHA-256:
b58232492eaaa47a82edfe9f9a6abebf67c315ee0de704fb79590e8309af5f73

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/27/2024 12:12:27 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/InstallMonetizer.AH potentially unwanted | 9.11562 |
| Reason Heuristics | PUP.InstallMonetizer.Bundle (M) | 16.3.10.15 |

File size:
2.9 MB (3,048,432 bytes)

Product version:
3.12.100

Copyright:
Copyright (C) KRyLack Software

Original file name:
KLPassDecryptSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\password-decryptor-3-12-100-en-win.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/11/2013 7:00:00 PM

Valid to:
6/12/2014 6:59:59 PM

Subject:
CN=Serhiy Horobets, O=Serhiy Horobets, STREET=Sechenova st. 7a - 38, L=Kiev, S=Kiev, PostalCode=03127, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00896DBAF0536290A84AFCF077BF3B9614

File PE Metadata
Compilation timestamp:
3/21/2013 1:52:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:52rWTErNtaNFkNarNRGN2mNzBNl8MCCjsrdKXFgLbmJTY9ATMgGh7aNOinglEIp/:wWGugMipLl8MCCjM7iTyATMVKOqglN

Entry address:
0x2DFBE

Entry point:
55, 8B, EC, 83, EC, 44, 56, 57, FF, 15, 6C, 01, 43, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, EB, 7C, E8, 21, FD, FF, FF, 8A, 06, 3C, 22, 8B, 3D, 48, 03, 43, 00, 75, 15, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 1E, 84, C0, 75, F1, 3C, 22, 75, 1B, EB, 14, 3C, 20, 7E, 15, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, EB, 09, 3C, 20, 7F, 0B, 56, FF, D7, 8B, F0, 8A, 06, 84, C0, 75, F1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, A0, 01, 43, 00, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00...
 

Entropy:
7.7161

Developed / compiled with:
Microsoft Visual C++

Code size:
185.5 KB (189,952 bytes)

The file password-decryptor-3-12-100-en-win.exe has been seen being distributed by the following 2 URLs.
