султан.exe

Vkontakte DJ Installer

The application султан.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from setup.dj-reserve.com and multiple other hosts.
Product:
Vkontakte DJ Installer

Version:
1.9.1.17

MD5:
bac52fe3befedbb34a78c91d6c592781

SHA-1:
0d8ac4704176965578316352a75ac3144157c3f6

SHA-256:
de062e84ca2071fd0b7dd676febd75c2b2d6d505c3532dd8e258d70a397ecc2f

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 7:35:29 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Adware/Win32.Generic
2015.12.29

Arcabit
Trojan.Generic.DECB266
1.0.0.637

avast!
Win32:Malware-gen
2014.9-160111

Baidu Antivirus
PUA.MSIL.VKontakteDJ
4.0.3.16111

Bitdefender
Trojan.Generic.15512166
1.0.20.55

Dr.Web
Program.VKontakteDJ.6
9.0.1.011

Emsisoft Anti-Malware
Trojan.Generic.15512166
8.16.01.11.05

ESET NOD32
MSIL/VKontakteDJ.A potentially unwanted (variant)
10.12786

Fortinet FortiGate
Riskware/VKontakteDJ
1/11/2016

F-Secure
Trojan.Generic.15512166
11.2016-11-01_2

G Data
Trojan.Generic.15512166
16.1.25

K7 AntiVirus
Adware
13.212.18243

Kaspersky
not-a-virus:Downloader.MSIL.VKontakteDJ
14.0.0.831

McAfee
Artemis!BAC52FE3BEFE
5600.6523

MicroWorld eScan
Trojan.Generic.15512166
17.0.0.33

nProtect
Trojan.Generic.15512166
15.12.28.01

Panda Antivirus
Trj/GdSda.A
16.01.11.05

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16109

Sophos
Vkontakte DJLoader (PUA)
4.98

File size:
562 KB (575,488 bytes)

Product version:
1.9.1.17

Copyright:
Copyright © 2015

Original file name:
DjLoader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\??????.exe

File PE Metadata
Compilation timestamp:
9/25/2015 11:53:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:ngIjBtFB4P7qsKQ0jnAt4BknkA3F2nKbd9JsZBtFC:RjJB4DBKQ0jnpBknk6285sZJC

Entry address:
0x6A9AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 70, 00, 00, 80, 10, 00, 00, 00, 88, 00, 00, 80, 18, 00, 00, 00, A0, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
418.5 KB (428,544 bytes)

The file султан.exe has been seen being distributed by the following 3 URLs.

Remove султан.exe - Powered by Reason Core Security