ski jumperscpu.rar.exe

M417 LTD.

The application ski jumperscpu.rar.exe by M417 LTD. has been detected as adware by 12 of 68 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which downloads and installs adware toolbars and other potentially unwanted software offers during setup. Note the double extension: the name ends in .rar.exe, so on a system that hides known extensions it appears to be an archive rather than an executable. The file has been seen being downloaded from zone.speedyshareltd.netdna-cdn.com.
Publisher:
M417 LTD. (signed and verified)

MD5:
403da9f68969d307247600b1e72f2d2f

SHA-1:
8f03b99f09d2d4cfa6bc01998d63d3285e470b08

SHA-256:
4339bbbf5d0849386fb10049b9ff690f1d99816fbf1bfadd3fc659e5c9d7ca81

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/19/2024 3:23:49 AM UTC

Scan engine             Detection                                  Engine version
AhnLab V3 Security      Trojan/Win32.NSIS                          14.05.28
ESET NOD32              Win32/InstallMonetizer.AL                  8.9639
K7 AntiVirus            Unwanted-Program                           13.176.11663
Kaspersky               not-a-virus:Downloader.NSIS.Agent          14.0.0.3798
Malwarebytes            Trojan.InstallMonetizer                    v2014.05.28.11
McAfee                  Artemis!403DA9F68969                       5600.7117
Qihoo 360 Security      HEUR/Malware.QVM06.Gen                     1.0.0.1015
Quick Heal              TrojanDownLoader.NSIS.Agent.A              5.14.12.00
Reason Heuristics       PUP.M417.R                                 14.8.8.0
Sophos                  SpeedyShare Downloader                     4.98
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h       3.12.26.0
VIPRE Antivirus         Adware.Monetizer                           28042

File size:
94.8 KB (97,040 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
8/12/2013 10:14:35 AM

Valid to:
8/12/2015 7:35:02 PM

Subject:
E=INFO@M417LTD.NET, CN=M417 LTD., O=M417 LTD., L=London, S=Greater London, C=GB, Description=Q1G5XvtHln8BTB3V

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0AB5

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:SLXB65939tY6HBg4sXJS1JaURJT6dURd20zCj/LnVS9F3u8lzAk7AhTGT:SLk395hYXJitYqT0nM9NlzZ8y

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)
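The "File PE Metadata" block above is read straight out of the PE headers, and the hashes above are the indicators a responder would match a suspect file against. The following is an added example, not code from the report page or from M417 LTD.: with only the Python standard library it parses the same header fields (compilation timestamp, OS and linker version, subsystem, entry address, code size), checks for the NSIS first-header marker (0xDEADBEEF followed by "NullsoftInst") that identifies a Nullsoft installer, and reports which of the page's MD5/SHA-1/SHA-256 values a given file matches. The PE image produced by build_sample_pe() is constructed test data carrying the report's header values; it is not the real installer, so its hashes do not match. One caveat the parsed timestamp illustrates: NSIS 2.x installers reuse a precompiled stub, so the 2009 compilation timestamp is the stub's build date, not when this installer was assembled; the certificate's "valid from" date (8/12/2013) is the more useful lower bound.

```python
"""Triage helpers for a sample like the one on this report page (added example)."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes exactly as listed on the report page.
REPORT_HASHES = {
    "md5": "403da9f68969d307247600b1e72f2d2f",
    "sha1": "8f03b99f09d2d4cfa6bc01998d63d3285e470b08",
    "sha256": "4339bbbf5d0849386fb10049b9ff690f1d99816fbf1bfadd3fc659e5c9d7ca81",
}

# NSIS first header: siginfo 0xDEADBEEF (little-endian) followed by "NullsoftInst".
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows console"}


def compare_hashes(data: bytes) -> dict:
    """Return, per algorithm, whether the file's digest matches the report's IOC."""
    return {
        name: hashlib.new(name, data).hexdigest() == expected
        for name, expected in REPORT_HASHES.items()
    }


def parse_pe_metadata(data: bytes) -> dict:
    """Read the PE32 header fields the report lists directly from the image bytes."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    machine, _, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Optional header starts with Magic, MajorLinkerVersion, MinorLinkerVersion, SizeOfCode.
    magic, link_major, link_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)   # Major/MinorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]          # Subsystem
    return {
        "bitness": "Win32" if machine == 0x14C else hex(machine),
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc)
        .strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{link_major}.{link_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_address": hex(entry_rva),
        "code_size": code_size,
        "nsis": NSIS_MARKER in data,   # NSIS data sits in the overlay after the sections
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image with the report's header values (synthetic, not the real file)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew: PE header follows the DOS header
    # i386, one section, TimeDateStamp 1260057041 = 2009-12-05 23:50:41 UTC, 0xE0-byte optional header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1260057041, 0, 0, 0xE0, 0x010F)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, 23040)    # PE32 magic, linker 6.0, SizeOfCode 23,040
    struct.pack_into("<I", opt, 16, 0x30CB)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                   # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                       # Subsystem 2 = Windows GUI
    overlay = b"\x00" * 16 + NSIS_MARKER + b"\x00" * 16      # stand-in for the NSIS overlay
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + overlay


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(parse_pe_metadata(blob))
    print(compare_hashes(blob))
```

Run it with a file path to triage a real sample, or with no arguments to see the constructed header decoded; a file that genuinely is the one on this page returns True for all three hashes, and any edited copy (even one byte changed) returns False for all three, which is why hash IOCs complement rather than replace detections such as the NSIS marker.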

The file ski jumperscpu.rar.exe has been seen being distributed from zone.speedyshareltd.netdna-cdn.com, the host noted above.

Remove ski jumperscpu.rar.exe - Powered by Reason Core Security