home

viber-aoc-jd.exe

Viber

Sevas-S LLC

The application viber-aoc-jd.exe by Sevas-S has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.joydownload.com.
Publisher:
Sevas-S LLC  (signed and verified)

Product:
Viber

Version:
1.0.0.0

MD5:
d5abe40e8f396013e8235d1a3d0ccb9a

SHA-1:
c18f85044562704af91d4d02d301ccd579038b78

SHA-256:
290590ba6a098d6f6b324410adf0086b68b1a0d637fe9ff37906ee5fd421141b

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/23/2024 9:55:05 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Downloader
2015.0.3551

Bkav FE
W32.Clodadc.Trojan
1.3.0.4924

Dr.Web
Adware.Downware.1446
9.0.1.057

ESET NOD32
Win32/JoyDownloader
8.9462

Malwarebytes
PUP.Optional.OpenCandy
v2014.02.26.05

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.SevasS.M
14.8.7.20

Rising Antivirus
PE:PUF.OpenCandy!1.9DE5
23.00.65.14224

Trend Micro House Call
TROJ_GEN.F47V1019
7.2.57

Trend Micro
ADW_OPENCANDY
10.465.26

VIPRE Antivirus
Sevas-S Installer
26798

File size:
475.4 KB (486,784 bytes)

Copyright:
Copyright (C) Radiocom

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\viber-aoc-jd.exe

Digital Signature
Signed by:
Sevas-S LLC

Authority:
VeriSign, Inc.

Valid from:
1/23/2013 3:00:00 AM

Valid to:
2/23/2014 2:59:59 AM

Subject:
CN=Sevas-S LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sevas-S LLC, L=Kyiv, S=Kyivska oblast, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
527471E53862E2F90AB45ED4ACB8F4C2

File PE Metadata
Compilation timestamp:
5/20/2013 2:52:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:/aCw6wvFhjs17FEUDTTup+Ts9PJYz5jtNcB+/TRfYF:pw6AFhm7FjDHuzJYz5jtXTBYF

Entry address:
0x31B1

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 90, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, FB, 2A, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, E9, 2A, 00, 00...
 
[+]

Entropy:
7.8677

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file viber-aoc-jd.exe has been seen being distributed by the following URL.

http://www.joydownload.com/d/.../viber-aoc-jd.exe

Remove viber-aoc-jd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.