13_nod32_launcher.exe

Mega Boost

Fenamn Farts

The executable 13_nod32_launcher.exe has been detected as malware by 3 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.markersoffredefy.site and multiple other hosts.
Publisher:
Fenamn Farts

Product:
Mega Boost

Description:
tiny install

Version:
20.183.147.180

MD5:
c20069d80919eccee155710f35afb10e

SHA-1:
1589c43404e9c6d6b7cd579b7bfd5f41c7cadc16

SHA-256:
7573b05054075ac9772732f7b3a95569d57b55ce9c445d0b15b07e08d2669afd

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
6/29/2025 2:55:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Emsisoft Anti-Malware | Gen:Application.Imonetize | 11.5.0.6191 |
| F-Secure | Application.Imonetize.2 | 5.15.96 |
| Norman | Gen:Application.Imonetize.2 | 10.04.2016 15:29:17 |

File size:
1.2 MB (1,290,752 bytes)

Product version:
20.183.147.180

Copyright:
Copyright 2015

Trademarks:
Pepcyc

Original file name:
tinyinstall.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\13_nod32_launcher.exe

File PE Metadata
Compilation timestamp:
5/2/2016 11:53:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:rq87vsFzc9QbK3P6QXCrT6IAimNXhScmLPca2VokW:rXjsFbKXUeI2XMcmIa7k

Entry address:
0x6219

Entry point:
E8, F4, 35, 00, 00, E9, 8C, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 43, 83, E8, 04, 74, 2D, 83, E8, 0D, 74, 22, 48, 74, 0E, 33, C0, C3, FF, 15, AC, C0, 40, 00, E9, 73, 39, 00, 00, B8, 04, 04, 00, 00, C3, FF, 15, 24, C0, 40, 00, E9, 6E, 02, 00, 00, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, FF, 15, A8, C0, 40, 00, E9, 52, 33, 00, 00, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 24, 36, 00, 00, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E...
 
Code size:
41.5 KB (42,496 bytes)

The file 13_nod32_launcher.exe has been seen being distributed by the following 3 URLs.
