RollingPop_U.exe

The application RollingPop_U.exe by Eltwocompany has been detected as adware by 8 anti-malware scanners.
Publisher:
LTOB (signed by Eltwocompany)

Product:
RollingPop_U

Version:
1.00.0001

MD5:
83fe37750c0faff74feaaa0f850019aa

SHA-1:
4b569037c1fefff6f1f938e84a383d63f2a56403

SHA-256:
b18908e24781d0e441778442a967ad136c32526ab0fc716f409a8f8863a9e209

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
4/26/2024 4:43:23 AM UTC

Scan engine | Detection | Engine version
AVG | Generic9_c | 2016.0.3097
Comodo Security | TrojWare.Win32.TrojanDownloader.VB.PMEA | 16997
ESET NOD32 | Win32/VB.PBN (variant) | 9.8841
IKARUS anti.virus | Trojan.VB2 | t3scan.2.0.127
Malwarebytes | Adware.KorAd | v2015.05.27.01
nProtect | Adware/W32.KrAdword.61296 | 13.09.25.03
Reason Heuristics | PUP.Eltwocompany | 15.5.26.21
Trend Micro House Call | TROJ_GEN.F47V0708 | 7.2.147

File size:
59.9 KB (61,296 bytes)

Product version:
1.00.0001

Original file name:
RollingPop_U.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\rollingpop\rollingpop_u.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/20/2012 9:00:00 AM

Valid to:
9/21/2013 8:59:59 AM

Subject:
CN=Eltwocompany, O=Eltwocompany, L=Seocho-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09D251F244DA1F5DB45EBD3C90B2568F

File PE Metadata
Compilation timestamp:
7/2/2013 4:31:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:7ikGFx8qaBZR/0jgDxRS+C1emVzKq+rly6MKRZZ:mnxdu5DxRS+KxK5my

Entry address:
0x1B58

Entry point:
68, 48, 1D, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 82, 30, 87, C1, 8E, 0A, 47, 4E, B4, 2C, 79, F1, E5, C4, B1, E9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 46, 2D, 39, 37, 35, 34, 52, 6F, 6C, 6C, 69, 6E, 67, 50, 6F, 70, 5F, 55, 00, 7D, 23, 31, 00, 00, 00, 00, 01, 00, 01, 00, E0, 23, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 64, 24, 40, 00, 1C, C0, 40, 00, 00, 00, 00, 00, B0, 7F, 45, 07, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
5.2198

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
44 KB (45,056 bytes)
