speeddownload_green002.exe

Biza Inc.

The application speeddownload_green002.exe by Biza has been detected as adware by 23 anti-malware scanners.
Publisher:
Biza Inc.  (signed and verified)

MD5:
5378270efe12aabdc4ec0f45f1f0cd56

SHA-1:
ae4cd07549b9b69672d70fae303bc3beee64ae90

SHA-256:
e3079cc00f17a0d14bc46e24889e3aa08e79c937a0c405ea18a76f4fb3996196

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
4/26/2024 11:33:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.SpeedDownload | 2013.07.02 |
| Avira AntiVirus | TR/Rogue.kdz.4854.3 | 7.11.88.24 |
| AVG | Generic5 | 2015.0.3490 |
| Bitdefender | Trojan.Generic.KDZ.4854 | 1.0.20.595 |
| Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 16524 |
| Dr.Web | Trojan.DownLoader7.42504 | 9.0.1.0119 |
| Emsisoft Anti-Malware | Trojan.Generic.KDZ.4854 | 8.14.04.29.04 |
| ESET NOD32 | Win32/Adware.Kraddare.FJ (variant) | 8.8512 |
| Fortinet FortiGate | Riskware/Kraddare | 4/29/2014 |
| F-Secure | Trojan.Generic.KDZ.4854 | 11.2014-29-04_3 |
| G Data | Trojan.Generic.KDZ.4854 | 14.4.22 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.2.0.3.0 |
| Malwarebytes | Adware.KorAd | v2014.04.29.04 |
| McAfee | Artemis!5378270EFE12 | 5600.7146 |
| MicroWorld eScan | Trojan.Generic.KDZ.4854 | 15.0.0.357 |
| nProtect | Trojan/W32.Agent.921848 | 13.07.01.05 |
| Panda Antivirus | Trj/CI.A | 14.04.29.04 |
| Reason Heuristics | PUP.Biza.W | 14.12.4.0 |
| Sophos | Generic PUA KO | 4.90 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Artemis | 10637 |
| Trend Micro House Call | TROJ_GEN.RCBB1AL | 7.2.119 |
| VIPRE Antivirus | Trojan.Win32.Generic | 19200 |
| ViRobot | Adware.Agent.921848.B | 2011.4.7.4223 |

File size:
900.2 KB (921,848 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\speeddownload_green002.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/11/2012 9:00:00 AM

Valid to:
12/12/2013 8:59:59 AM

Subject:
CN=Biza Inc., OU=SE Team, O=Biza Inc., L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
41E87615A226069EF2848787D241C3D4

File PE Metadata
Compilation timestamp:
10/25/2012 4:44:53 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:wKiyzk+2EsJHqOqKXc5KT4Lpg4Zd0lRCXqglFzva40+yoIhCvyLX+kpW21:8uCEGiGfTkpg4/0zCvlFLfbsWyLXFpf

Entry address:
0xBE33

Entry point:
E8, 9E, 24, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 96, 03, 00, 00, 3B, 0D, 4C, F1, 41, 00, 75, 02, F3, C3, E9, 15, 25, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, B2, 29, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 5F, 0C, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, DF, 25, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, FE, 0E, 00, 00, 83...

Entropy:
7.8057  (probably packed)

Code size:
91.5 KB (93,696 bytes)
