terrafarmers downloader__3687_i1928465664_il294107.exe

WEuvqcW27CXmk

DHy4XadZ

The application terrafarmers downloader__3687_i1928465664_il294107.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.phonologistaspirin.webcam.
Publisher:
DHy4XadZ

Product:
WEuvqcW27CXmk

Description:
fast install

Version:
182.231.49.136

MD5:
baf3486ccee02b683609b6cc7ac7d4fd

SHA-1:
f15dd09595f96c8db654877e721f4e930f278416

SHA-256:
5465da3ef050732ea73254957f244de8b13ee8327e7b0d6519b3cbc1eed5e93b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
5/2/2024 1:08:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InstallMonetizer.DHy4XadZ.Installer.Meta (M)

Engine version:
16.6.30.17

File size:
832.5 KB (852,480 bytes)

Product version:
182.231.49.136

Copyright:
CL2016

Trademarks:
OC8ZPJ

Original file name:
W0h3xIC

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\terrafarmers downloader__3687_i1928465664_il294107.exe

File PE Metadata
Compilation timestamp:
6/30/2016 6:58:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:d291ssFLgCnR7CXyVc2YHkgsGZ8nckecEvFJENNSu+EEmzHIw2on:d29isFLggZqvPZzcSXENQKzHn

Entry address:
0x1077B

Entry point:
E8, EE, 48, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 53, 56, 8B, 75, 0C, 57, 83, CF, FF, F6, 46, 0C, 40, 75, 7B, 56, E8, 00, 00, 00, 00, 9C, 83, 44, 24, 04, 0C, 9D, E9, E1, 53, 00, 00, 59, 8B, C8, BB, 70, 11, 44, 00, 3B, CF, 74, 19, 83, F9, FE, 74, 14, 8B, D1, 83, E2, 1F, C1, F8, 05, C1, E2, 06, 03, 14, 85, D8, 2B, 44, 00, EB, 02, 8B, D3, F6, 42, 24, 7F, 75, 25, 3B, CF, 74, 19, 83, F9, FE, 74, 14, 8B, C1, 83, E1, 1F, C1, F8, 05, C1, E1, 06, 03, 0C, 85, D8, 2B, 44, 00, EB, 02, 8B, CB, F6, 41, 24, 80, 74, 17...
 

Code size:
205.5 KB (210,432 bytes)

The file terrafarmers downloader__3687_i1928465664_il294107.exe has been seen being distributed by the following URL.