17bfff15.exe

Georgi Georgiev

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application 17bfff15.exe by Georgi Georgiev has been detected as adware by 16 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.nansq.info and multiple other hosts.
Publisher:
Georgi Georgiev  (signed and verified)

MD5:
e0d69f3360e008645dd466a09342fffe

SHA-1:
cf75fbfb034e04c85d23c55bc6f14e37c9422b49

SHA-256:
18af485c45f34dc9d4ba57178df3b97ed3516bd138ecc6f8d2115a97fd605756

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
11/16/2024 1:47:59 PM UTC

Scan engine              Detection                         Engine version
Lavasoft Ad-Aware        Gen:Variant.Zusy.113278           779
AhnLab V3 Security       Adware/Win32.Vonteera             2014.12.17
Avira AntiVirus          TR/Zusy.2139728                   7.11.196.52
avast!                   Win32:Adware-gen [Adw]            2014.9-141218
Bitdefender              Gen:Variant.Zusy.113278           1.0.20.1760
Comodo Security          ApplicUnwnt                       20391
Emsisoft Anti-Malware    Gen:Variant.Zusy.113278           8.14.12.18.01
ESET NOD32               Win32/AdWare.Vonteera (variant)   8.10888
Fortinet FortiGate       Riskware/Vonteera                 12/18/2014
F-Secure                 Gen:Variant.Zusy.113278           11.2014-18-12_5
G Data                   Gen:Variant.Zusy.113278           14.12.24
McAfee                   Artemis!E0D69F3360E0              5600.6913
MicroWorld eScan         Gen:Variant.Zusy.113278           15.0.0.1056
Qihoo 360 Security       HEUR/QVM19.1.Malware.Gen          1.0.0.1015
Reason Heuristics        PUP.GeorgiGeorgiev                15.2.14.11
Trend Micro House Call   Suspicious_GEN.F47V1215           7.2.352

File size:
2 MB (2,139,728 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\9723q30l\17bfff15.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/6/2014 3:00:00 AM

Valid to:
6/6/2016 2:59:59 AM

Subject:
CN=Georgi Georgiev, O=Georgi Georgiev, STREET="4 Petar Stoinov Str., Chelopechene", L=Sofia, S=Sofia, PostalCode=1617, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
50E7161B35AEFC4CA801C951BEF0279A

File PE Metadata
Compilation timestamp:
12/11/2014 9:31:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:0aMRSI83Awr1rHUlb1ByKhxZ+iryXhvoTxaFFY93auL:0aMRqJsb1EKYzX5oT4FFY9ZL

Entry address:
0x14BD000

Entry point:
56, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 00, 16, 00, 2D, E0, C5, 9D, 05, 05, D7, C5, 9D, 05, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 3E, AE, 24, 5A, 68, 05, AD, 51, 4C, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 82, 07, 6B, 67, 1A, 45, 12, 3A, 87, AC, 17, 5A, 6B, 72, 68, A7...

Entropy:
7.9747  (probably packed)

Code size:
155 KB (158,720 bytes)

The file 17bfff15.exe has been seen being distributed by the following 5 URLs.

http://www.nansq.info/.../fe5a9280c7.exe

http://91.74.184.33/.../fe5a9280c7.exe
