vmvuq.exe

PlusSTotal-9.5V20.09

Hike Zone Plus

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application vmvuq.exe, “PlusSTotal-9.5V20.09 exe” by Hike Zone Plus, has been detected as adware by 8 anti-malware scanners. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.

Publisher:
Plus1HDV20.09  (signed by Hike Zone Plus)

Product:
PlusSTotal-9.5V20.09

Description:
PlusSTotal-9.5V20.09 exe

Version:
1000.1000.1000.1000

MD5:
52dc6cd79e2309ed3bc2f52a78d8ec57

SHA-1:
d80519ddb1b856a4c21c3486ad9f699aa1d58bf4

SHA-256:
5963e661c029f789e1a95fab05e6df356dac2c2a7ec824302e20589de7364db1

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/25/2024 11:03:14 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Solimba | 2014.09.21
AVG | Berta | 2015.0.3342
Dr.Web | Trojan.Crossrider.33433 | 9.0.1.0266
Malwarebytes | PUP.Optional.EasyDeals.A | v2014.09.23.03
Panda Antivirus | Trj/Genetic.gen | 14.09.23.03
Reason Heuristics | PUP.HikeZonePlus.F | 14.9.23.13
VIPRE Antivirus | Threat.4789396 | 32938

File size:
1.4 MB (1,518,488 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
PlusSTotal-9.5V20.09.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\vmvuq.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/18/2014 5:00:00 PM

Valid to:
8/19/2015 4:59:59 PM

Subject:
CN=Hike Zone Plus, O=Hike Zone Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7DF4D8EF200BAB292519E3CF5597AD86

File PE Metadata
Compilation timestamp:
9/18/2014 3:04:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:zDK1IJi1MSWvOx0xVkFlHXAtGbABIxp0xYdUGWLMfKrQ+JNpSKQ0TcQm:zDP9mMkFl3AIMBY0Y3WVJNpSKQ0TG

Entry address:
0xEDB00

Entry point:
E8, C1, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, F4, 01, 01, 00, 3B, 30, 7C, 07, E8, EB, 01, 01, 00, 8B, 30, E8, DE, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 34, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 40, 21, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7E, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 40, 21, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 3D, EE...
 

Entropy:
6.6099

Code size:
1.1 MB (1,141,760 bytes)

Remove vmvuq.exe - Powered by Reason Core Security