windowadvertisement_codenemo16.exe

windowadvertisementSetup

enliple Ltd.

The application windowadvertisement_codenemo16.exe by enliple has been detected as a potentially unwanted program by 24 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory.
Publisher:
enliple Ltd.  (signed and verified)

Product:
windowadvertisementSetup

Version:
8.03

MD5:
ea61a80c7cea0682c71d5cc31a7b2a0f

SHA-1:
acde106296a69b3c4bedc7a93d27a024c43aea7b

SHA-256:
56eae6a7c8392399ae58cb9b668b912b65518745be5ebee7d6870e2a8d82d19d

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:21:11 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.338885 | 1015 |
| Agnitum Outpost | PUA.Kraddare | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.MulDrop | 14.04.26 |
| Avira AntiVirus | TR/Graftor.119101.22 | 7.11.145.80 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140426 |
| AVG | Generic5 | 2015.0.3493 |
| Bitdefender | Gen:Variant.Kazy.338885 | 1.0.20.580 |
| Comodo Security | ApplicUnwnt | 18169 |
| Dr.Web | BACKDOOR.Trojan | 9.0.1.0116 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.338885 | 8.14.04.26.10 |
| ESET NOD32 | Win32/AdWare.Kraddare.JC (variant) | 8.9725 |
| F-Secure | Gen:Variant.Kazy.338885 | 11.2014-26-04_7 |
| G Data | Gen:Variant.Kazy.338885 | 14.4.24 |
| IKARUS anti.virus | Trojan.Graftor | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.176.11888 |
| McAfee | Artemis!EA61A80C7CEA | 5600.7149 |
| MicroWorld eScan | Gen:Variant.Kazy.338885 | 15.0.0.348 |
| NANO AntiVirus | Trojan.Win32.Kraddare.ctuoru | 0.28.0.59492 |
| Norman | Suspicious_Gen4.FTSGF | 11.20140426 |
| Reason Heuristics | PUP.Installer.enliple.EE | 14.4.26.10 |
| Rising Antivirus | PE:Trojan.Win32.Generic.14C6EB92!348580754 | 23.00.65.14424 |
| Trend Micro House Call | TROJ_GEN.F47V0127 | 7.2.116 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28606 |
| ViRobot | Adware.Agent.5185384 | 2011.4.7.4223 |

File size:
4.9 MB (5,185,384 bytes)

Product version:
8.03

Original file name:
windowadvertisement_2.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\windowadvertisement_codenemo16.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/26/2013 9:00:00 AM

Valid to:
6/27/2015 8:59:59 AM

Subject:
CN=enliple Ltd., OU=Internet Dept, O=enliple Ltd., L=Guro-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
178A151BFE91D2CFD345640D3EE64736

File PE Metadata
Compilation timestamp:
1/17/2014 9:49:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:F0CR9B8BjGNg6Sf+L3iVhL9pKMV6vHbt6NEyWIGcI+oNMIp1NkXNZXQWjJKZFvzO:F0CR9B8BjGNg6Sf+DKZgM+Hbt6NEyWIb

Entry address:
0x1878

Entry point:
68, 14, BC, 42, 00, E8, EE, FF, FF, FF, 00, 00, 58, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 00, 00, 00, 00, E0, 3E, B4, 28, 89, F7, 21, 4F, 9F, D0, 84, 0E, A3, CD, 5F, 5B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 5A, 48, 3F, F5, CB, A4, 77, 69, 6E, 64, 6F, 77, 61, 64, 76, 65, 72, 74, 69, 73, 65, 6D, 65, 6E, 74, 53, 65, 74, 75, 70, 00, FF, D7, B1, A4, FF, D7, B1, 00, FF, D8, B2, A5, FF, D8, B2, 00, 00, 00, 00, A0, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, 91, 1F, CA, B2, 80, 39, 39, 49...
 

Entropy:
7.9312

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
208 KB (212,992 bytes)
