windows loader 2 2 1 by daz.exe

LLC ITC

The application windows loader 2 2 1 by daz.exe by LLC ITC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from forces.sunshinegroup.ru.
Publisher:
LLC ITC  (signed and verified)

MD5:
767f05e0f1ea432f251eb7f63a9847a0

SHA-1:
d171e9997ab2888299df09972727ec1478773cc6

SHA-256:
ddf4790151d8fde20ba71ff044be95f09f8eaafbee0c5884e1df8614007cc281

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
5/28/2024 4:34:32 AM UTC  (today)

Scan engine          Detection    Engine version
Reason Heuristics    PUP (M)      17.1.15.21

File size:
466.9 KB (478,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\windows loader 2 2 1 by daz.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/26/2014 3:00:00 AM

Valid to:
6/27/2015 2:59:59 AM

Subject:
CN=LLC ITC, O=LLC ITC, STREET=Vvedenskogo 11/3, L=Moscow, S=Moscow oblast, PostalCode=117342, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F4DBD55156EE0DAFED4BAB130328504E

File PE Metadata
Compilation timestamp:
7/20/2014 12:22:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
29.29

Entry address:
0x547C

Entry point:
F5, F9, F7, D6, C1, D8, 0D, 0F, BA, F6, 1D, 4F, FC, C1, E7, 03, 31, CE, 0F, BA, F5, 15, C1, E0, 09, C1, D1, 18, 1B, 74, 24, 10, 0F, BA, EB, 1F, FC, 0F, BA, E1, 1C, C1, FE, 0D, 87, C9, C1, D7, 13, C1, D3, 1D, 81, E6, 9D, F6, B6, 98, C1, E5, 0A, C1, E6, 0C, 1B, 05, BE, 2D, 43, 00, 8B, 54, 24, 10, 0F, BA, E3, 05, 0F, BA, FB, 1A, 0F, BA, EA, 01, C1, E8, 08, 31, E9, C1, E6, 16, 39, 74, 24, 10, C1, E7, 14, 0F, BA, F6, 05, 21, F2, C1, CD, 0F, FC, C1, D9, 0D, 2B, 54, 24, FC, C1, DF, 0D, 09, D2, 87, F5, 81, D9, DA...

Code size:
382.5 KB (391,680 bytes)

The file windows loader 2 2 1 by daz.exe has been seen being distributed by the following URL.

http://forces.sunshinegroup.ru/NTY7aHR0cCUzQSUyRiUyRnMyLmZpbGUtc3BhY2Uub3JnJTJGZG93biUyRnNWb0dXb0tUeXUlMkYxNDA1ODEyNjg0JTJGYWFRc0RNNVYxMTU1T3ZiNkJ3b2IxQSUyRjY4MTQlMkYwJTJGNjgxNCUyRldpbmRvd3NfTG9hZGVyXzIuMi4xX2J5X0RBWi56aXA7ZG93bmxvYWRlcldpbmRvd3NfTG9hZGVyXzIuMi4xX2J5X0RBWi56aXA7emlwOzY5NDcxNjE=

Remove windows loader 2 2 1 by daz.exe - Powered by Reason Core Security