» султан.exe
Overview
Analysis
File Details
Downloads (3)

султан.exe

Vkontakte DJ Installer

The application султан.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from setup.dj-reserve.com and multiple other hosts.

File name:

султан.exe

Product:

Vkontakte DJ Installer

Version:

1.9.1.17

MD5:

bac52fe3befedbb34a78c91d6c592781

SHA-1:

0d8ac4704176965578316352a75ac3144157c3f6

SHA-256:

de062e84ca2071fd0b7dd676febd75c2b2d6d505c3532dd8e258d70a397ecc2f

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 3:19:11 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Adware/Win32.Generic

2015.12.29

Arcabit

Trojan.Generic.DECB266

1.0.0.637

avast!

Win32:Malware-gen

2014.9-160111

Baidu Antivirus

PUA.MSIL.VKontakteDJ

4.0.3.16111

Bitdefender

Trojan.Generic.15512166

1.0.20.55

Dr.Web

Program.VKontakteDJ.6

9.0.1.011

Emsisoft Anti-Malware

Trojan.Generic.15512166

8.16.01.11.05

ESET NOD32

MSIL/VKontakteDJ.A potentially unwanted (variant)

10.12786

Fortinet FortiGate

Riskware/VKontakteDJ

1/11/2016

F-Secure

Trojan.Generic.15512166

11.2016-11-01_2

G Data

Trojan.Generic.15512166

16.1.25

K7 AntiVirus

Adware

13.212.18243

Kaspersky

not-a-virus:Downloader.MSIL.VKontakteDJ

14.0.0.831

McAfee

Artemis!BAC52FE3BEFE

5600.6523

MicroWorld eScan

Trojan.Generic.15512166

17.0.0.33

nProtect

Trojan.Generic.15512166

15.12.28.01

Panda Antivirus

Trj/GdSda.A

16.01.11.05

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.16109

Sophos

Vkontakte DJLoader (PUA)

4.98

File size:

562 KB (575,488 bytes)

Product version:

1.9.1.17

Original file name:

DjLoader.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\??????.exe

File PE Metadata

Compilation timestamp:

9/25/2015 11:53:37 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:ngIjBtFB4P7qsKQ0jnAt4BknkA3F2nKbd9JsZBtFC:RjJB4DBKQ0jnpBknk6285sZJC

Entry address:

0x6A9AE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 70, 00, 00, 80, 10, 00, 00, 00, 88, 00, 00, 80, 18, 00, 00, 00, A0, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

418.5 KB (428,544 bytes)

The file султан.exe has been seen being distributed by the following 3 URLs.

http://setup.dj-reserve.com/.../ZWMwMDAxMDBiMzAwMDM5MjAwMDAwM2E2MDAwM2E2MDAwM2E2NzkzNzlmZGZkMg==

http://muzofon.org/dmaster.php?id=22

http://muzofon.com/dmaster.php?id=22

Remove султан.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.