» ulead video studio 11 plus c downloader__3687_i1917001024_il624734.exe
Overview
Analysis
File Details
Downloads (2)

ulead video studio 11 plus c downloader__3687_i1917001024_il624734.exe

Vega Stp

IDDQD

The application ulead video studio 11 plus c downloader__3687_i1917001024_il624734.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.panningmanybanded.site and multiple other hosts.

File name:

Publisher:

IDDQD

Product:

Vega Stp

Description:

tiny install

Version:

188.204.91.235

MD5:

f5f9c06f280c00afd65c342634ba6b00

SHA-1:

2c813b1274d2cfe2a9d31726393e018e3b1a6b35

SHA-256:

3701ffa3772c299a6783d091adc7dc2048fceaad9a2f86f00a85fedc0f941e9c

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

6/29/2025 10:59:09 PM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Gen:Variant.Symmi.60918

11.5.0.6191

F-Secure

Variant.Razy.42339

5.15.96

Kaspersky

not-a-virus:HEUR:AdWare.Win32.Amonetize

15.0.0.562

Norman

Gen:Variant.Razy.42339

10.04.2016 15:29:17

Reason Heuristics

Adware.InstallMonetizer.IDDQD.Installer.Meta (M)

16.5.8.16

File size:

847 KB (867,328 bytes)

Product version:

188.204.91.235

CR 2015

Trademarks:

Trd Mark

Original file name:

sstup.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\ulead video studio 11 plus c downloader__3687_i1917001024_il624734.exe

File PE Metadata

Compilation timestamp:

5/8/2016 10:45:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:348JyOlamS9mPhjgEvF9q1VTQ8waKf6inXYW/ryfRQ1jBl96AezSYtyVa4IGPUQ:3vS9mZBvF90TQ8wh/DyfRKlh6t0UQ

Entry address:

0x4D75

Entry point:

E8, 0D, 38, 00, 00, E9, 89, FE, FF, FF, 6A, 00, FF, 15, 20, B0, 40, 00, C3, FF, 15, 24, B0, 40, 00, C2, 04, 00, 8B, FF, 56, FF, 35, C8, F1, 40, 00, FF, 15, 28, B0, 40, 00, 8B, F0, 85, F6, 75, 1B, FF, 35, DC, FD, 40, 00, FF, 15, 30, B0, 40, 00, 8B, F0, 56, FF, 35, C8, F1, 40, 00, FF, 15, 2C, B0, 40, 00, 8B, C6, 5E, C3, A1, C4, F1, 40, 00, 83, F8, FF, 74, 16, 50, FF, 35, E4, FD, 40, 00, FF, 15, 30, B0, 40, 00, FF, D0, 83, 0D, C4, F1, 40, 00, FF, A1, C8, F1, 40, 00, 83, F8, FF, 74, 0E, 50, FF, 15, 34, B0, 40... 
[+]

Code size:

38 KB (38,912 bytes)

The file ulead video studio 11 plus c downloader__3687_i1917001024_il624734.exe has been seen being distributed by the following 2 URLs.

http://www.panningmanybanded.site/9_nod32_launcher.exe

http://www.panningmanybanded.site/.../phddv.exe

Remove ulead video studio 11 plus c downloader__3687_i1917001024_il624734.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.