smadav94.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.unjuk.com and multiple other hosts.
MD5:
2a261c995fb236b46562068bd33d5e2b

SHA-1:
edbef83d87accd51ec33d3bc8b94cec9868d4e07

SHA-256:
500f366c5b4e5d9461191c99f2eb03e8549d4acf06abcd84663f0e968e32dcfd

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/24/2024 12:26:02 AM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.Clodb98.Trojan | 1.3.0.4613
Trend Micro House Call | HV_ZYX_.381B9D0D | 7.2.153
Vba32 AntiVirus | Trojan.Badur | 3.12.24.3

File size:
792 KB (811,017 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/9/2012 2:19:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:k2O/GlIXXc07hE9m8zWVL8EupH+RPY1RcOxsNvrJvq9bhjp:menyURc1rgb9p

Entry address:
0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 

Code size:
73 KB (74,752 bytes)

The file smadav94.exe has been discovered within the following program.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation, the user is in some cases presented with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 

The file smadav94.exe has been seen being distributed by the following 4 URLs.

http://127.0.0.1:37848/continue?TiCredToken=23177&Source=WTP&URL=http://.../smadav94.exe
