shark pro files__6629_i1928741549_il366371.exe

rImr13e8

Fenamn Farts

The application shark pro files__6629_i1928741549_il366371.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.phonologistaspirin.webcam.
Publisher:
Fenamn Farts

Product:
rImr13e8

Description:
smart install

Version:
220.146.46.16

MD5:
2161d46711435980a9e320627c715f4b

SHA-1:
66e741952e04906304b1ca441c30160db26d0c0e

SHA-256:
29dffdde572e69819fbe4a9162a62832fd8f2caa59365284d4df22eb580e9f36

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
5/2/2024 6:38:07 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.FenamnFa.Installer.Meta (M)

Engine version:
16.7.2.11

File size:
642.5 KB (657,920 bytes)

Product version:
220.146.46.16

Copyright:
Rights 2000

Trademarks:
gnXslPE

Original file name:
fAfjtC6Aa3gIfv

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\shark pro files__6629_i1928741549_il366371.exe

File PE Metadata
Compilation timestamp:
7/2/2016 4:29:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:9vYlXOL3J9yzd2XVD/JnsC7NCeZ6v1rSruhyZw0GccpncFBxZdAvtFeBb4wKcywi:9+83OoVVsQNt69guhCwAcWwQyo2J

Entry address:
0x82EC

Entry point:
E8, 5A, 65, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, F8, 6A, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, F8, 6A, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, E0, 6A, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 44, 00, 00, 00, C7, 06, E0, 6A, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1...
 

Entropy:
7.1250

Code size:
143.5 KB (146,944 bytes)

The file shark pro files__6629_i1928741549_il366371.exe has been seen being distributed by the following URL.