s3d4.exe

Process Of

Decoration To

The application s3d4.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. It is a setup program used to install the application, and it installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from newspapersons.biz and multiple other hosts.
Publisher: Decoration To
Product: Process Of
Description: In Elated
Version: 5.0.1.7
MD5: 4094f756d5ec5dd721c998b849429765
SHA-1: 40b7bc594783d0867e3b7780ec661f55dcc77755
SHA-256: c1da36c2916ee5913662253f7caa4532bd16a2f2c4f048c0f680aacbf73d6016
Scanner detections: 24 / 68
Status: Potentially unwanted
Analysis date: 5/11/2024 12:06:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.19 | 878 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| avast! | Win32:MultiPlug-DN [PUP] | 2014.9-140921 |
| AVG | Generic5 | 2015.0.3356 |
| Bitdefender | Gen:Variant.Application.Bundler.19 | 1.0.20.1260 |
| Bkav FE | HW32.Paked | 1.3.0.4959 |
| Dr.Web | BackDoor.Andromeda.493 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.154129 | 14.09.09 |
| ESET NOD32 | Win32/AdWare.MultiPlug.CB (variant) | 8.10391 |
| F-Prot | W32/A-02d9686a | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2014-09-09_3 |
| G Data | Gen:Variant.Application.Bundler.19 | 14.9.24 |
| IKARUS anti.virus | AdWare.AdPlugin | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13432 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 14.0.0.3217 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.09.09.07 |
| McAfee | MultiPlug | 5600.7012 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.19 | 15.0.0.756 |
| NANO AntiVirus | Trojan.Win32.XPACK.deqzzp | 0.28.2.62151 |
| nProtect | Trojan-Clicker/W32.MultiPlug.870256 | 14.09.19.01 |
| Panda Antivirus | PUP/TSUploader | 14.09.21.02 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.21.14 |
| Sophos | MultiPlug | 4.98 |
| Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3 |

File size: 845.5 KB (865,792 bytes)
Product version: 0.8.8.2
Copyright: All rights reserved for Decoration To LTD.
Original file name: Windows 7 Loader Activator v2.1.9 Free D.exe
File type: Executable application (Win32 EXE)
Language: English (United Kingdom)
Common path: C:\users\{user}\appdata\local\temp\s3d4.exe

File PE Metadata

Compilation timestamp: 6/1/2013 4:00:42 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 11.0
CTPH (ssdeep): 12288:1ZYz0rWC0oauEqFenLhY4DF8khO30QKrkejCoFnYmNs7v/1RLckTNX9gyXPt:3Yz0rneL+map30Q0LOoFnJsD/1HNJPt
Entry address: 0x16A37
Entry point: E8, 66, 43, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 23, 4D, 00, E8, E3, 10, 00, 00, E8, 33, 45, 00, 00, 0F, B7, F0, 6A, 02, E8, F9, 42, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 52, 0A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Entropy: 7.8649 (probably packed)
Code size: 131 KB (134,144 bytes)

The file s3d4.exe has been seen being distributed by the following 2 URLs.
