20141004165185.exe

The application 20141004165185.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.ntdlzone.com.
MD5:
034f9a521d1e35ed3e0e9fecec8b8c73

SHA-1:
602e20fc7365a5e70fdd6cb80ca75207c09ab3fc

SHA-256:
7d018253bfd39f4b8aba0243c4fa5622a24717caa7949c427a7fd36b53743ae2

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/23/2024 6:30:15 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.179.140

avast!
NSIS:InstMonetizer-BB [PUP]
2014.9-141026

AVG
AdInstaller
2015.0.3310

Baidu Antivirus
PUA.Win32.VMDetector
4.0.3.141026

Dr.Web
Adware.Downware.918
9.0.1.0299

ESET NOD32
Win32/InstallMonetizer.BC
8.10586

K7 AntiVirus
Trojan
13.184.13727

Malwarebytes
v2014.10.26.04

McAfee
Artemis!034F9A521D1E
5600.6966

NANO AntiVirus
Riskware.Win32.MLW.ddylkr
0.28.2.62671

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.141024

Sophos
AppMonetizer Installer
4.98

Trend Micro House Call
TROJ_GEN.R02SH06J114
7.2.299

VIPRE Antivirus
Adware.Monetizer
34066

File size:
320.5 KB (328,151 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\20141004165185.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:VFJ0SJJAqOHaQD7pJ59ExJuAZXwVCTtZ5t5q2pd5A8Ww4G:54qO17pB6XwVC/5bJd5A8r

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file 20141004165185.exe has been seen being distributed by the following URL.

Remove 20141004165185.exe - Powered by Reason Core Security