» 6ol29d4h.exe
Overview
Analysis
File Details

6ol29d4h.exe

Passing Planner

MDG Advertising

The file 6ol29d4h.exe, “Pluck Precipitate Succinct ” has been detected as malware by 16 anti-virus scanners.

File name:

6ol29d4h.exe

Publisher:

MDG Advertising (signed and verified)

Product:

Passing Planner

Description:

Pluck Precipitate Succinct

Version:

253, 63, 162, 230

MD5:

d1eda098169b518b758cedab7c5cc9fb

SHA-1:

b74863fa5757dd1624b5882ec613d772d0b66646

SHA-256:

33cf0e2e339413c2a94b6984c050beb21290c688b028e5a20ff434f3ed9aa6cb

Scanner detections:

16 / 68

Status:

Malware

Analysis date:

6/17/2024 5:17:06 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.14710918

385

Avira AntiVirus

TR/Gamarue.A.19

8.3.1.6

Arcabit

Trojan.Generic.DE07886

1.0.0.425

avast!

Win32:Malware-gen

2014.9-160115

Bitdefender

Trojan.Generic.14710918

1.0.20.75

Dr.Web

Tool.Siggen.10909

9.0.1.015

Emsisoft Anti-Malware

Trojan.Generic.14710918

8.16.01.15.08

F-Secure

Trojan.Generic.14710918

11.2016-15-01_6

G Data

Trojan.Generic.14710918

16.1.25

IKARUS anti.virus

Trojan.Gamarue

t3scan.1.9.5.0

McAfee

Artemis!D1EDA098169B

5600.6519

MicroWorld eScan

Trojan.Generic.14710918

17.0.0.45

nProtect

Trojan.Generic.14710918

15.06.18.01

Qihoo 360 Security

Win32/Trojan.d22

1.0.0.1015

Trend Micro House Call

TROJ_GEN.R047H09FF15

7.2.15

VIPRE Antivirus

Trojan.Win32.Generic

41236

File size:

82.6 KB (84,584 bytes)

Product version:

247, 107, 99, 76

Original file name:

Peninsula.EXE

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\6ol29d4h.exe.part

Digital Signature

Signed by:

MDG Advertising

Authority:

COMODO CA Limited

Valid from:

6/3/2015 2:00:00 AM

Valid to:

6/3/2016 1:59:59 AM

Subject:

CN=MDG Advertising, OU=IT, O=MDG Advertising, STREET=3500 NW BOCA RATON BLVD, L=Boca Raton, S=FL, PostalCode=33431, C=US

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A0084B03DC479722DA675156F0A37B70

File PE Metadata

Compilation timestamp:

3/28/2004 3:52:59 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:0NZzlYrMERwQgYIRLQBR4wBRS08YEOm1p6JIkqNdU/zDMrii1:08BBBFHuMJIkqNa/Ha1

Entry address:

0xE4A6

Entry point:

55, 8B, EC, 6A, FF, 68, E0, F5, 40, 00, 68, 2C, E6, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 90, F1, 40, 00, 59, 83, 0D, AC, 12, 41, 00, FF, 83, 0D, B0, 12, 41, 00, FF, FF, 15, 8C, F1, 40, 00, 8B, 0D, 98, 12, 41, 00, 89, 08, FF, 15, 88, F1, 40, 00, 8B, 0D, 94, 12, 41, 00, 89, 08, A1, 84, F1, 40, 00, 8B, 00, A3, A8, 12, 41, 00, E8, 16, 01, 00, 00, 39, 1D, C0, 11, 41, 00, 75, 0C, 68, 28, E6, 40, 00, FF, 15, 80, F1... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

56 KB (57,344 bytes)

Remove 6ol29d4h.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.