the.walking.dead.s04e08.7_10924_i90693911_il345.exe

WinAce

KASHTAN OOO

The application the.walking.dead.s04e08.7_10924_i90693911_il345.exe, “http://www.winace.com” by KASHTAN OOO, has been detected as a potentially unwanted program by 8 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geo-location at the time of install.
Publisher:
e-merge GmbH (signed by KASHTAN OOO)

Product:
WinAce

Description:
http://www.winace.com

Version:
2.69.0.0

MD5:
3ca145f467a110f061cdd36afa5160d1

SHA-1:
77d906c3a1d453b961830279259d5c56ede1a362

SHA-256:
20613d0df3338f95e7a5dd53a3723dc99a4e16c73f60539ede101e09e4ad76c4

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
5/4/2024 8:41:26 PM UTC

Scan engine          Detection                                            Engine version
AVG                  Win32/DH{PXIx?}                                      2016.0.2913
Bkav FE              W32.HfsAdware                                        1.3.0.7383
Dr.Web               Trojan.Amonetize.11197                               9.0.1.0331
ESET NOD32           Win32/Amonetize.LM potentially unwanted (variant)    9.12629
NANO AntiVirus       Trojan.Win32.Amonetize.dytuks                        0.30.26.4751
Qihoo 360 Security   QVM19.1.Malware.Gen                                  1.0.0.1077
Reason Heuristics    PUP.KASHTAN (M)                                      15.11.27.2
Vba32 AntiVirus      Signed-Downware.Amonetize                            3.12.26.4

File size:
3.4 MB (3,579,280 bytes)

Product version:
02.69.00.00

Copyright:
1997-2007 ACE Compression Software & e-merge GmbH

Trademarks:
1997-2007 ACE Compression Software & e-merge GmbH

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\downloads\the.walking.dead.s04e08.7_10924_i90693911_il345.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/5/2015 5:30:00 AM

Valid to:
5/22/2016 5:29:59 AM

Subject:
CN=KASHTAN OOO, O=KASHTAN OOO, L=Naberezhnye Chelny, S=Tatarstan republic, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
468BE39F7FCABE2D4D2D070862DD916B

File PE Metadata
Compilation timestamp:
11/26/2015 8:22:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:WyElt11fZZK6ReDM9dwQja8DAruZJJte2OWqJCoNRj+qSwKHQGe:WyElt11fD791zAru3Jte2tq01lU

Entry address:
0x3539E8

Entry point:
68, D4, 6D, 4E, 26, E8, 3B, DB, FD, FF, AC, A5, E3, 4B, 28, DD, 31, D4, 03, AF, E9, 55, 7D, 45, 32, 11, B6, C2, 50, 18, C6, 0F, 83, 18, E6, FD, FF, 8B, D0, 03, C9, E9, FE, 07, FE, FF, FF, 46, 58, FF, 03, E9, 5B, 75, 00, 00, B3, 8E, C5, 7D, 13, FE, 10, 99, 0C, A6, E1, 11, 0F, 83, 7C, 2A, 00, 00, 8B, C2, D2, CA, BA, 00, 08, 00, 00, 2B, D1, C1, EA, 05, 03, D1, 8B, 4D, F8, 66, 81, FC, 38, 4D, F9, 66, 89, 11, 0F, BF, D3, 8B, 55, E0, 66, F7, C2, CA, 47, 81, FE, A9, 7D, BC, 18, 8D, 92, 6C, 0E, 00, 00, F9, 83, 7D...

Entropy:
7.6016

Code size:
2.9 MB (3,085,824 bytes)