db3df129373e2bfa089da0df7f2b8f80.pe

Super Radio

Buca Apps

The file db3df129373e2bfa089da0df7f2b8f80.pe has been detected as adware by 37 anti-malware scanners. This virus, which infects .exe files, stops various security software and prevents some core Windows utilities from running. It also tries to download other files from a remote server, including other malware.
Publisher:
Buca Apps

Product:
Super Radio

Description:
Super Radio exe

Version:
1000.1000.1000.1000

MD5:
db3df129373e2bfa089da0df7f2b8f80

SHA-1:
3ef22fbcae59d60e5fc96053d4ff3a140c1bd9c6

SHA-256:
48c45c4ad2becaed54007fbeff2c66efea43248b910e203a53e8915851428180

Scanner detections:
37 / 68

Status:
Adware

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/24/2024 7:46:22 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 658 |
| Agnitum Outpost | Win32.Sality.FA.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2015.01.22 |
| Avira AntiVirus | W32/Sality.AT | 7.11.204.50 |
| avast! | Win32:Sality | 2014.9-150418 |
| AVG | Win32/Sality | 2016.0.3136 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15418 |
| Bitdefender | Win32.Sality.3 | 1.0.20.540 |
| Bkav FE | W32.Sality.PE | 1.3.0.6379 |
| Dr.Web | Win32.Sector.22 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Win32.Sality | 8.15.04.18.08 |
| ESET NOD32 | Win32/Sality.NBA | 9.11054 |
| F-Prot | W32/Sality.gen2 | v6.4.7.1.166 |
| F-Secure | Win32.Sality.3 | 11.2015-18-04_7 |
| G Data | Win32.Sality | 15.4.24 |
| IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.191.14713 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.2173 |
| McAfee | W32/Sality.gen.z | 5600.6792 |
| Microsoft Security Essentials | Virus:Win32/Sality.AT | 1.11302 |
| MicroWorld eScan | Win32.Sality.3 | 16.0.0.324 |
| NANO AntiVirus | Virus.Win32.Sality.yusp | 0.30.0.64812 |
| Norman | Sality.ZHB | 11.20150418 |
| nProtect | Win32.Sality.3 | 15.01.22.01 |
| Panda Antivirus | W32/Sality.AA | 15.04.18.08 |
| Qihoo 360 Security | Win32/Virus.485 | 1.0.0.1015 |
| Quick Heal | W32.Sality.U | 4.15.14.00 |
| Reason Heuristics | Threat.Buca | 15.4.18.4 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15416 |
| Sophos | Mal/Sality-D | 4.98 |
| Total Defense | Win32/Sality.AA | 37.0.11397 |
| Trend Micro House Call | PE_SALITY.ER | 7.2.108 |
| Trend Micro | PE_SALITY.ER | 10.465.18 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.3 |
| VIPRE Antivirus | Virus.Win32.Sality.atbh | 36870 |
| ViRobot | Win32.Sality.N[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Sality.Win32.20 | 2.0.0.2042 |

File size:
678 KB (694,240 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Super Radio.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\db3df129373e2bfa089da0df7f2b8f80.pe

File PE Metadata
Compilation timestamp:
1/4/2015 9:06:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:oXjNGRPIkOzqfeY9QY39dwfuBDxXQpPoVTloDsqQMy:oXjNGJI/+T9Qetah0TcsDMy

Entry address:
0x52EAA

Entry point:
78, 0D, 43, 69, E9, 42, 5A, B0, 96, F7, C0, 80, AB, 99, FD, 86, EF, 0F, C8, 8D, 2D, 24, B5, A8, 75, 3A, C9, 8D, 05, 8F, 1C, 27, 2B, 0F, AF, EE, 0F, CD, 0F, AF, EB, 68, E8, 96, 0A, 00, 87, ED, 5D, 81, C5, 82, 01, 00, 00, 8B, F5, FF, C5, 81, F6, 83, 93, 0A, 00, 0F, AF, EE, 56, 58, 8B, EB, 35, E9, 0B, 00, 00, 85, EE, 33, C6, 3B, CD, 73, 0A, 89, DD, 8B, EE, C7, C5, B9, D7, F3, 78, 8B, C8, FF, C0, 8D, 35, B1, 80, 8B, 30, 8D, 19, 87, E8, FE, C1, 8D, 13, 8D, 2D, AD, EF, 75, D4, 0C, 3D, 33, FA, F6, C1, 40, EB, 08...
 
Entropy:
6.8003

Code size:
487 KB (498,688 bytes)
