rus for the-incredible-adventures-of-van-helsing.exe

Windows Commander 32 bit

C. Ghisler & Co.

The application rus for the-incredible-adventures-of-van-helsing.exe, “Ghisler Parallel Driver”, has been detected as a potentially unwanted program by 19 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from www.playground.ru.
Publisher:
C. Ghisler & Co.

Product:
Windows Commander 32 bit

Description:
Ghisler Parallel Driver

Version:
1.10

MD5:
25b7f50a39290c465c1eb1190b552810

SHA-1:
117ddb4ef84ce2d6dde64f5a287143f1a2420303

SHA-256:
d83d21ec989b59307c352893ec4d6c463788cf41aa87c0927242ab832d5b3747

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 7:39:03 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Heur.Renos.Hy0@cGEBshak | 887 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2014.08.25 |
| Avira AntiVirus | APPL/Downloader.Gen7 | 7.11.168.254 |
| avast! | Win32:Installer-U [PUP] | 140813-1 |
| AVG | Generic5 | 2015.0.3365 |
| Bitdefender | Gen:Trojan.Heur.Renos.Hy0@cGEBshak | 1.0.20.1215 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Dr.Web | Trojan.LoadMoney.310 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.Renos.Hy0@cenFsWok | 9.0.0.4324 |
| ESET NOD32 | Win32/AdWare.LoadMoney.SA (variant) | 8.10307 |
| F-Secure | Gen:Trojan.Heur.Renos.Hy0@cGEBshak | 11.2014-31-08_1 |
| G Data | Gen:Trojan.Heur.Renos.Hy0@cGEBshak | 14.8.24 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 15.0.0.463 |
| Malwarebytes | Trojan.Agent.FKV | v2014.08.31.03 |
| MicroWorld eScan | Gen:Trojan.Heur.Renos.Hy0@cGEBshak | 15.0.0.729 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.8.31.15 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14829 |
| Vba32 AntiVirus | Malware-Cryptor.Limpopo | 3.12.26.3 |
| VIPRE Antivirus | Threat.4657539 | 32210 |

File size:
531.5 KB (544,256 bytes)

Product version:
4.50

Copyright:
Copyright (C) Christian Ghisler, C. Ghisler & Co., 2000

Original file name:
CGLPTNT.SYS

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rus for the-incredible-adventures-of-van-helsing.exe

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:/zuMBh97J8DCK3UOzl0szm1VHrAVnq24+RE:/zuOh3OCAUHQQVHkhtlRE

Entry address:
0x1080

Entry point:
83, 3D, 2C, A0, 47, 00, 01, 75, 39, 89, 05, 48, A0, 47, 00, 80, 3D, EB, A0, 47, 00, 00, 74, 18, 89, 15, 35, A0, 47, 00, C7, 05, C4, A0, 47, 00, 8D, 02, 01, 00, 89, 3D, 12, A0, 47, 00, EB, 0C, 89, 05, C8, A0, 47, 00, 01, 15, 1C, A0, 47, 00, 21, 05, 74, A0, 47, 00, E9, 11, 81, 07, 00, C3, FF, 25, 24, A0, 47, 00, B8, 00, 10, 40, 00, C3, FF, 25, 10, F5, 47, 00, 8B, C0, 55, 8B, EC, 83, C4, 98, 89, 45, FC, 29, 1D, A3, A0, 47, 00, 3B, 7C, 24, E0, 7D, 11, 8D, 35, 35, A0, 47, 00, 83, 26, 02, 87, 1D, 28, A0, 47, 00...
 

Code size:
482.5 KB (494,080 bytes)

The file rus for the-incredible-adventures-of-van-helsing.exe has been seen being distributed by the following URL.