windows 8 loader by dosha.exe

Windows NetMeeting

IT River

The application windows 8 loader by dosha.exe by IT River has been detected as adware by 27 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dlc.lowenburg-com.ru and multiple other hosts.
Publisher:
Windows (signed by IT River)

Product:
Windows® NetMeeting®

Description:
NetMeeting®

Version:
5.1.2600.2180

MD5:
0470b8d4b859fc3d999243b3b499708b

SHA-1:
23d573f364b37432c2cb72a2ad8ce08dd16efc2e

SHA-256:
fa40fee2c72279665a5bfeb359526ac44a73d223cf17060b9111b0a01625b896

Scanner detections:
27 / 68

Status:
Adware

Analysis date:
4/18/2024 1:48:55 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.Krypt.12 | 915 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2014.08.04 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen3 | 7.11.30.172 |
| avast! | Win32:LoadMoney-FP [PUP] | 140617-1 |
| AVG | Win32/Cryptor | 2014.0.3986 |
| Bitdefender | Gen:Heur.Krypt.12 | 1.0.20.1080 |
| Comodo Security | TrojWare.Win32.Kryptik.BZSP | 19079 |
| Dr.Web | Trojan.LoadMoney.262 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Heur.Krypt.12 | 8.14.08.04.07 |
| ESET NOD32 | Win32/Kryptik.CBAJ trojan | 7.0.302.0 |
| Fortinet FortiGate | Riskware/LMN | 8/4/2014 |
| F-Prot | W32/A-7ea623cf | v6.4.7.1.166 |
| F-Secure | Gen:Heur.Krypt.12 | 11.2014-04-08_2 |
| G Data | Gen:Heur.Krypt.12 | 14.8.24 |
| IKARUS anti.virus | Trojan.Krypt | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.182.12926 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.LMN | 15.0.0.494 |
| McAfee | PUP-FNB | 5600.7049 |
| MicroWorld eScan | Gen:Heur.Krypt.12 | 15.0.0.648 |
| NANO AntiVirus | Riskware.Win32.Krap.cypjlh | 0.28.2.61148 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.04.07 |
| Quick Heal | Trojan.Sisproc.A6 | 8.14.14.00 |
| Reason Heuristics | PUP.ITRiver.Z | 14.8.4.6 |
| Sophos | Mal/LdMon-B | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Kazy | 10442 |
| Total Defense | Win32/LdMon.JNOBUX | 37.0.11099 |
| VIPRE Antivirus | Threat.4823650 | 31208 |

File size:
296.3 KB (303,416 bytes)

Product version:
3.01

Copyright:
1996-2001

Original file name:
conf.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\downloads\windows 8 loader by dosha.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/25/2014 2:00:00 AM

Valid to:
2/26/2015 1:59:59 AM

Subject:
CN=IT River, O=IT River, STREET="Obolenskiy, 9", L=Moscow, S=Moscow oblast, PostalCode=119021, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0F02E0C593A3B9A15B22F5853C90D66B

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:WedPivGRonNT6CSfRvoSMFnVaNWdzD6SXuJi6uXEEk:WedPAd6CmoQwKSHu

Entry address:
0x1000

Entry point:
E9, 4B, 01, 04, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, FF, 25, 24, 20, 44, 00, CC, CC, CC, CC, CC, CC, 43, 66, 3B, 3D, 6C, 20, 44, 00, 7D, 08, 89, 0D, 2D, 20, 44, 00, EB, 16, 89, 05, D8, 20, 44, 00, 2B, 1D, 71, 20, 44, 00, 89, 05, E7, 20, 44, 00, 89, 7C, 24, D8...
 

Packer / compiler:
Xtreme-Protector v1.05

Code size:
257 KB (263,168 bytes)

The file windows 8 loader by dosha.exe has been seen being distributed by the following 3 URLs.
