» 1plhblkxusg==55n2d.exe
Overview
Analysis
File Details
Downloads (1)

1plhblkxusg==55n2d.exe

The application 1plhblkxusg==55n2d.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from d2vubraihqcany.cloudfront.net.

File name:

Version:

1.1.0.31

MD5:

6c11385d6fc068f74660b00f7ac5627a

SHA-1:

17a8100b22140f7839bbb88a64d6470cf5547c61

SHA-256:

a99bd1453ab5fa70112e02ce5c790acc8e04e7bfda2efd36088d56550c667275

Scanner detections:

12 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

5/29/2024 3:54:42 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Kazy.609271

5807185

avast!

Adware-gen [Adw]

150319-1

AVG

Adware Generic6.ANYG

2014.0.4311

Baidu Antivirus

Adware.Win32.PennyBee

4.0.3.15512

Dr.Web

infected with Trojan.OutBrowse.576

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.609271

10.0.0.5366

ESET NOD32

multiple threats

7.0.302.0

McAfee

Program.Artemis!6C11385D6FC0

17.6.569.0

Microsoft Security Essentials

Threat.Undefined

1.197.1901.0

Qihoo 360 Security

HEUR/QVM42.0.Malware.Gen

1.0.0.1015

Trend Micro House Call

Suspicious_GEN.F47V0504

7.2.132

VIPRE Antivirus

Threat.4150696

39676

File size:

1.9 MB (1,943,980 bytes)

Product version:

1.1.0.31

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\1plhblkxusg==55n2d.exe

File PE Metadata

Compilation timestamp:

6/6/2009 5:41:54 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:olrEKQWDZ0Tv8ndH4sIaLU9TK9faodqKBaDphF4sP+1ARK7EpYWb:MrEADZm0dH4taLUZKlzdqKBKF48KrTg

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file 1plhblkxusg==55n2d.exe has been seen being distributed by the following URL.

http://d2vubraihqcany.cloudfront.net/Installer/.../AdBlocker20150503.exe

Remove 1plhblkxusg==55n2d.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.