home

{blocked}.exe

Veristaff.com Inc

The application {blocked}.exe by Veristaff.com Inc has been detected as adware by 16 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn.ppdownload.com and multiple other hosts.
Publisher:
Veristaff.com Inc  (signed and verified)

MD5:
d2f5fb6bbea9c00319480ebb163c1180

SHA-1:
a7dd822197531b67ce37fb1b60c3c924e33e1609

SHA-256:
cef436b35999a3058e487e88d1d0b11a3501b23d9048cb838f942d63cd5a6909

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
4/24/2024 9:30:26 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Graftor.149279
866

Agnitum Outpost
Trojan.Injector
7.1.1

avast!
Win32:Malware-gen
2014.9-140728

AVG
Veristaff
2015.0.3344

Bitdefender
Gen:Variant.Graftor.149279
1.0.20.1320

Emsisoft Anti-Malware
Gen:Variant.Graftor.149279
8.14.09.21.03

ESET NOD32
Win32/Injector.BIZV (variant)
8.10277

F-Secure
Gen:Variant.Graftor.149279
11.2014-21-09_1

G Data
Gen:Variant.Graftor.149279
14.9.24

IKARUS anti.virus
Trojan-Spy.Zbot
t3scan.1.6.1.0

McAfee
Artemis!148927801825
5600.7000

MicroWorld eScan
Gen:Variant.Graftor.149279
15.0.0.792

Panda Antivirus
Trj/Chgt.B
14.09.21.03

Reason Heuristics
PUP.Veristaff.R
14.7.28.8

Sophos
Veristaff
4.98

VIPRE Antivirus
Trojan.Win32.Generic
32342

File size:
10 MB (10,473,768 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\savepass_20140722.exe

Digital Signature
Signed by:
Veristaff.com Inc

Authority:
DigiCert Inc

Valid from:
7/8/2014 9:00:00 PM

Valid to:
7/14/2015 9:00:00 AM

Subject:
CN=Veristaff.com Inc, O=Veristaff.com Inc, L=Wilmington, S=Delaware, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B0EA10F13BB9EB2057BECB9A30F59D4

File PE Metadata
Compilation timestamp:
7/22/2014 4:01:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:UiBC5PyKKf3nQGL6HuzSsPGe26rUuL9i8q/4Ug05EB9pbu:yPyKKvQ35b6Y8I8qwUg05Epu

Entry address:
0x77E8

Entry point:
E8, 12, 28, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, C0, E1, 40, 4F, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 68, E0, 40, 4F, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, 3D, 41, 4F, 89, 0D, 44, 3D, 41, 4F, 89, 15, 40, 3D, 41, 4F, 89, 1D, 3C, 3D, 41, 4F, 89, 35, 38, 3D, 41, 4F, 89, 3D...
 
[+]

Code size:
48.5 KB (49,664 bytes)

The file {blocked}.exe has been seen being distributed by the following 3 URLs.

http://cdn.ppdownload.com/Installer/.../SavePass_20140722.exe

http://cdn.download4desktop.com/Installer/.../SavePass_20140722.exe

http://dl1.downserver2.com/Installer/.../SavePass_20140722.exe

Remove {blocked}.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.