route_anzeigen.exe

Arne Koenig

The application route_anzeigen.exe by Arne Koenig has been detected as adware by 7 of 68 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; several of the detection names (NSIS/StartPage, Trojan.StartPage) classify it as a browser start-page changer, and McAfee's Artemis!6B392F81F893 is a reputation detection keyed to the first 12 hex digits of the file's MD5 (6b392f81f893...). It is typically executed from an Internet Explorer cache folder, i.e. it was run directly after being downloaded in the browser. The file has been seen being downloaded from www.routenplaner-kostenlos.com. Note that although the executable carries a valid code-signing signature from the publisher, a valid signature only identifies the signer; it does not make the installer's behaviour wanted.
Publisher:
Arne Koenig  (signed and verified)

MD5:
6b392f81f89393dc22ec9c32199c1f77

SHA-1:
eede742cce7ebe6c7043fd9f47183425222e5d5c

SHA-256:
5c3bbc17c794945b722488a2a8c91bdface1f468bc40f4ea1950e40988583015

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/25/2024 2:09:11 PM UTC

Scan engine               Detection                  Engine version
Baidu Antivirus           Trojan.NSIS.StartPage      4.0.3.141114
Comodo Security           UnclassifiedMalware        19316
ESET NOD32                NSIS/StartPage.CB          8.10316
McAfee                    Artemis!6B392F81F893       5600.6947
Reason Heuristics         PUP.ArneKoenig.O           14.11.14.4
Trend Micro House Call    Suspicious_GEN.F47V0803    7.2.318
VIPRE Antivirus           Trojan.StartPage           32554

File size:
856.3 KB (876,840 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\route_anzeigen.exe

Digital Signature
Signed by:
Arne Koenig
Authority:
GlobalSign nv-sa

Valid from:
7/25/2013 1:50:56 PM

Valid to:
10/5/2015 12:29:51 PM

Subject:
CN=Arne Koenig, O=Arne Koenig, L=Verden, S=Niedersachsen, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DB127B48E06471C3253A24171364E23B

File PE Metadata
Compilation timestamp:
7/14/2013 10:09:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:300xPaOZ+RTTlO8+sC0moKMxT8Rrl853PS0i1kv:fxig688+sC0BPxKrl4S0Bv

Entry address:
0x310B

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 58, EC, 42, 00, E8, 73, 2D, 00, 00, A3, A4, EB, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, E0, 8F, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, A0, E3, 42, 00, E8, 1D, 2A, 00, 00, FF, 15, 1C, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 0B, 2A...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
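As an added triage example (not part of the report above, and not Reason Core Security's tooling), the following Python script checks a file against the indicators listed on this page: the three hashes and the file size, the NSIS firstheader marker (0xDEADBEEF followed by "NullsoftInst", which is how the packer is identified), and the entry-point RVA 0x310B together with the first prologue bytes listed under "Entry point". The PE image it builds when run without arguments is constructed for demonstration and does not reproduce the real file's hashes; pass a file path to triage a real sample.

```python
import hashlib
import struct
import sys

# Indicators copied from the report for route_anzeigen.exe.
IOC = {
    "md5": "6b392f81f89393dc22ec9c32199c1f77",
    "sha1": "eede742cce7ebe6c7043fd9f47183425222e5d5c",
    "sha256": "5c3bbc17c794945b722488a2a8c91bdface1f468bc40f4ea1950e40988583015",
    "size": 876840,
    "entry_rva": 0x310B,
}
# Leading bytes listed under "Entry point" above (the NSIS 2.x stub prologue).
ENTRY_BYTES = bytes.fromhex("81 EC 84 01 00 00 53 55 56 33 DB 57 89 5C 24 18 C7 44 24 10")
# Magic at the start of the NSIS "firstheader": 0xDEADBEEF then "NullsoftInst".
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"


def hash_matches(data: bytes) -> dict:
    """Compare size and the three hashes against the report's values."""
    return {
        "md5": hashlib.md5(data).hexdigest() == IOC["md5"],
        "sha1": hashlib.sha1(data).hexdigest() == IOC["sha1"],
        "sha256": hashlib.sha256(data).hexdigest() == IOC["sha256"],
        "size": len(data) == IOC["size"],
    }


def is_nsis(data: bytes) -> bool:
    """True if the NSIS firstheader magic appears anywhere in the file."""
    return NSIS_MAGIC in data


def _pe_header(data: bytes) -> int:
    # File offset of the "PE\0\0" signature (e_lfanew), validated.
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return pe


def entry_point(data: bytes) -> int:
    """AddressOfEntryPoint (an RVA) at offset 16 of the optional header."""
    return struct.unpack_from("<I", data, _pe_header(data) + 40)[0]


def rva_to_offset(data: bytes, rva: int) -> int:
    """Map an RVA to a file offset by walking the 40-byte section headers."""
    pe = _pe_header(data)
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    sec = pe + 24 + opt_size
    for i in range(nsec):
        vsize, vaddr, rsize, raw = struct.unpack_from("<IIII", data, sec + i * 40 + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return raw + (rva - vaddr)
    raise ValueError("RVA %#x not in any section" % rva)


def entry_prologue_matches(data: bytes) -> bool:
    """True if the entry RVA and the bytes at it match the report."""
    ep = entry_point(data)
    off = rva_to_offset(data, ep)
    return ep == IOC["entry_rva"] and data[off:off + len(ENTRY_BYTES)] == ENTRY_BYTES


def triage(data: bytes) -> dict:
    """Run every check; a malformed PE simply fails the entry-point check."""
    result = hash_matches(data)
    result["nsis"] = is_nsis(data)
    try:
        result["entry_prologue"] = entry_prologue_matches(data)
    except ValueError:
        result["entry_prologue"] = False
    return result


def build_sample_pe() -> bytes:
    """Constructed stand-in (not the real file): a minimal PE32 with one section,
    the report's prologue at RVA 0x310B and the NSIS magic embedded."""
    img = bytearray(0x3200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                  # e_lfanew
    pe = 0x40
    img[pe:pe + 4] = b"PE\0\0"
    # COFF header: i386, 1 section, 224-byte optional header, EXE flags
    struct.pack_into("<HHIIIHH", img, pe + 4, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = pe + 24
    struct.pack_into("<H", img, opt, 0x10B)                  # PE32 magic
    struct.pack_into("<I", img, opt + 16, IOC["entry_rva"])  # AddressOfEntryPoint
    # .text: RVA 0x1000, 0x3000 bytes, raw data at file offset 0x200
    struct.pack_into("<8sIIIIIIHHI", img, opt + 0xE0, b".text", 0x3000, 0x1000,
                     0x3000, 0x200, 0, 0, 0, 0, 0x60000020)
    off = 0x200 + (IOC["entry_rva"] - 0x1000)
    img[off:off + len(ENTRY_BYTES)] = ENTRY_BYTES
    img[0x3000:0x3000 + len(NSIS_MAGIC)] = NSIS_MAGIC
    return bytes(img)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key:15} {value}")
```

The hash checks are the only ones that identify this exact file; the NSIS marker and the entry prologue are shared by every installer built with the same NSIS 2.x stub, so on their own they only tell you that a file is an NSIS installer, not that it is this one.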

The file route_anzeigen.exe has been seen being distributed from the site named above, www.routenplaner-kostenlos.com.

Remove route_anzeigen.exe - Powered by Reason Core Security