test.exe

PDA Distribution LLC

The application test.exe by PDA Distribution has been detected as adware by 30 anti-malware scanners.
Publisher:
PDA Distribution LLC  (signed and verified)

MD5:
ce0dd0e192a195b44c76859b8f8d458f

SHA-1:
829e5b2227e1ad6b83ce6b690ef10d0918c8a309

SHA-256:
eeea85eeda8e371a61e7a77ec204508b7dece312c47fd554f37e453de7ec24f5

Scanner detections:
30 / 68

Status:
Adware

Analysis date:
4/18/2024 2:57:39 PM UTC

Scan engine             Detection                            Engine version
Lavasoft Ad-Aware       Gen:Variant.Kazy.356345              540
Agnitum Outpost         PUA.LoadMoney                        7.1.1
AhnLab V3 Security      PUP/Win32.LoadMoney                  15.08.13
Avira AntiVirus         TR/Crypt.XPACK.Gen                   7.11.141.146
avast!                  Win32:LoadMoney-EH [PUP]             2014.9-150813
AVG                     Generic_r                            2016.0.3018
Bitdefender             Gen:Variant.Kazy.356345              1.0.20.1125
Comodo Security         ApplicUnwnt.Win32.Hoax.ArchSMS.BMPC  18054
Dr.Web                  Trojan.LoadMoney.240                 9.0.1.0225
Emsisoft Anti-Malware   Gen:Variant.Kazy.356345              8.15.08.13.01
ESET NOD32              Win32/LoadMoney.GM (variant)         9.9639
Fortinet FortiGate      W32/LoadMoney.GM!tr                  8/13/2015
F-Secure                Gen:Variant.Kazy.356345              11.2015-13-08_5
G Data                  Gen:Variant.Kazy.356345              15.8.24
IKARUS anti.virus       Win32.SuspectCrc                     t3scan.2.2.29
K7 AntiVirus            Trojan                               13.176.11663
Malwarebytes            PUP.Optional.Downloader              v2015.08.13.01
McAfee                  Generic Obfuscated.g                 5600.6674
MicroWorld eScan        Gen:Variant.Kazy.356345              16.0.0.675
NANO AntiVirus          Trojan.Win32.LoadMoney.cvzecu        0.28.0.58873
Norman                  Kelihos.TJU                          11.20150813
Panda Antivirus         Suspicious file                      15.08.13.01
Qihoo 360 Security      HEUR/Malware.QVM20.Gen               1.0.0.1015
Reason Heuristics       PUP.PDADistribution (M)              15.8.13.13
Rising Antivirus        PE:Malware.XPACK-HIE/Heur!1.9C48     23.00.65.15811
Sophos                  Mal/EncPk-ACO                        4.98
Total Defense           Win32/ArchSMS.MMPIPOD                37.0.10860
Trend Micro House Call  TROJ_GEN.F47V0323                    7.2.225
Vba32 AntiVirus         BScope.Trojan.TDSS.1112              3.12.26.0
VIPRE Antivirus         Trojan.Win32.Generic                 28062

File size:
329.9 KB (337,808 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
Thawte, Inc.

Valid from:
3/5/2014 7:00:00 AM

Valid to:
3/6/2015 6:59:59 AM

Subject:
CN=PDA Distribution LLC, O=PDA Distribution LLC, L=Moscow, S=Moscow region, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
073734171C2AD1B60C674267620A6C93

File PE Metadata
Compilation timestamp:
3/23/2014 6:07:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
41.22

CTPH (ssdeep):
6144:gF4mRcFeu9W7YvU27bmg7gbxjCO02rIwkQ:gBOFe5OXkdCOb5kQ

Entry address:
0x4727

Entry point:
55, 8B, EC, 51, A1, AC, 15, 45, 00, 83, C0, 01, A3, AC, 15, 45, 00, 8B, 4D, FC, 89, 0D, 9C, 15, 45, 00, 8B, 15, B0, 15, 45, 00, 03, 55, FC, 89, 15, B0, 15, 45, 00, A1, C8, 15, 45, 00, 83, C0, 01, A3, C8, 15, 45, 00, 8B, 0D, AC, 15, 45, 00, 83, E9, 01, 89, 0D, AC, 15, 45, 00, 8B, 15, 98, 15, 45, 00, 2B, 15, A4, 15, 45, 00, 89, 15, 98, 15, 45, 00, A1, AC, 15, 45, 00, 03, 05, AC, 15, 45, 00, A3, AC, 15, 45, 00, 8B, 0D, 60, 16, 45, 00, 51, 8B, 15, 74, 16, 45, 00, 52, A1, 6C, 16, 45, 00, 50, 8B, 0D, 68, 16, 45...
Developed / compiled with:
Microsoft Visual C++

Code size:
310 KB (317,440 bytes)
