VKMusicSetup.exe

VKMusicPlayer

LLC Pentagon

The application VKMusicSetup.exe by LLC Pentagon has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from vkmusic.ru. While running, it connects to the Internet address hosted-by.ihc.ru on port 80 using the HTTP protocol.
Publisher:
LLC Pentagon  (signed and verified)

Product:
VKMusicPlayer

Version:
1.0.5297.32307

MD5:
63925217310bba7922b9892ad32f9d03

SHA-1:
9da55772fc939ff52a3c6eb59945cde908880aaf

SHA-256:
ec65920f2406eb119f0d1e8c5ad3b4239be3042aade471379816509197abecec

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 8:16:41 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1825963 | 758 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150108 |
| Baidu Antivirus | PUA.MSIL.VKPentago | 4.0.3.1518 |
| Bitdefender | Trojan.GenericKD.1825963 | 1.0.20.40 |
| Dr.Web | Adware.Downware.5217 | 9.0.1.08 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1825963 | 8.15.01.08.07 |
| ESET NOD32 | MSIL/VKPentago (variant) | 9.10555 |
| F-Secure | Trojan.GenericKD.1825963 | 11.2015-08-01_5 |
| G Data | Trojan.GenericKD.1825963 | 15.1.24 |
| IKARUS anti.virus | PUA.MSIL.VKPentago | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.183.13662 |
| McAfee | Artemis!63925217310B | 5600.6892 |
| MicroWorld eScan | Trojan.GenericKD.1825963 | 16.0.0.24 |
| nProtect | Trojan.GenericKD.1825963 | 14.10.12.01 |
| Reason Heuristics | PUP.Installer.Pentagon.M | 15.1.8.7 |
| Sophos | Generic PUA MP | 4.98 |
| Trend Micro House Call | TROJ_GEN.R002H05HM14 | 7.2.8 |
| VIPRE Antivirus | Trojan.Win32.Generic | 33882 |

File size:
2.9 MB (3,010,224 bytes)

Product version:
1.0.5297.32307

Copyright:
Copyright (c) LLC Pentagon. All rights reserved.

Original file name:
VKMusicSetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vkmusicsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/15/2014 4:00:00 AM

Valid to:
4/10/2015 3:59:59 AM

Subject:
CN=LLC Pentagon, O=LLC Pentagon, L=Chelyabinsk, S=Chelyabinsk oblast, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6953C3B39EC862D3EEFA6D7971B66B07

File PE Metadata
Compilation timestamp:
12/25/2012 1:43:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:mHpHzoKaiSUPsqh4ReGGuJtqgjSBiFy0QiQ2UtpuVUc2MUZw:m5sKTzTyPFJtxj3r7AtEVL2Mmw

Entry address:
0x25D1C

Entry point:
E8, 1E, 1F, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, E8, 3E, 45, 00, 00, 74, 05, E9, 7E, 1F, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA...
 

Code size:
218 KB (223,232 bytes)

The file VKMusicSetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hosted-by.ihc.ru  (185.22.234.189:80)

TCP (HTTP):
Connects to 45.32.138.106.vultr.com  (45.32.138.106:80)
