30-11180_lingoes_2.7.5.exe

raonmedia

The application 30-11180_lingoes_2.7.5.exe by raonmedia has been detected as a potentially unwanted program by 16 anti-malware scanners. The file has been seen being downloaded from utilbada.com and multiple other hosts.
Publisher:
raonmedia  (signed and verified)

MD5:
8601e1647fc2955e96e5f40ab0bd6655

SHA-1:
476aaaaff9694e0202b2a364252b0b0df1e18261

SHA-256:
87c5852f87e8ea6c1216e48a34c8b151384b6ee9aa058408c84c7ebb340b0d87

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 3:12:08 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/Rogue.1123653
7.11.136.64

avast!
Win32:PUP-gen [PUP]
2014.9-140413

AVG
Toolbar
2015.0.3505

Baidu Antivirus
AdWare.Win32.Kraddare
4.0.3.14413

Bkav FE
W32.Clod91d.Trojan
1.3.0.4959

Comodo Security
ApplicUnwnt.Win32.AdWare.Kraddare.b
17912

Fortinet FortiGate
Adware/Kraddare
4/13/2014

K7 AntiVirus
Unwanted-Program
13.176.11392

McAfee
Artemis!8601E1647FC2
5600.7161

nProtect
Adware/W32.KrAdword.1124504
14.03.10.01

Panda Antivirus
Trj/Agent.MIZ
14.04.13.09

Reason Heuristics
PUP.raonmedia.U
14.4.13.21

Rising Antivirus
PE:Trojan.Win32.Generic.14435468!339956840
23.00.65.14411

Sophos
Generic PUA EH
4.98

Trend Micro House Call
HV_KRADARE_CA2230DE.TOMC
7.2.103

VIPRE Antivirus
Trojan.Win32.Generic
27278

File size:
1.1 MB (1,124,504 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\30-11180_lingoes_2.7.5.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/26/2011 8:00:00 PM

Valid to:
10/26/2012 7:59:59 PM

Subject:
CN=raonmedia, OU=Dev Team, O=raonmedia, L=Suyeong-gu, S=Busan, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
728A8FA30BF47A94EE758FF62188B2CC

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:qgr+3a7d1brXQNac7E0k9kjKul3GFXpLkBUrTseNlAg/unEIZUlxOnY7a+dI4D6:qYFjQBzkKjdxeXpLkGfFHdIKxQXr4e

Entry address:
0xC1F48

Entry point:
55, 8B, EC, 83, C4, F0, B8, 30, 19, 4C, 00, E8, AC, 49, F4, FF, A1, C8, 72, 4C, 00, 8B, 00, E8, 28, 2C, FB, FF, A1, C8, 72, 4C, 00, 8B, 00, BA, A8, 1F, 4C, 00, E8, 17, 28, FB, FF, 8B, 0D, 60, 6C, 4C, 00, A1, C8, 72, 4C, 00, 8B, 00, 8B, 15, 4C, EA, 4B, 00, E8, 17, 2C, FB, FF, A1, C8, 72, 4C, 00, 8B, 00, E8, 8B, 2C, FB, FF, E8, E2, 24, F4, FF, 00, 00, FF, FF, FF, FF, 11, 00, 00, 00, C0, AF, C6, BF, B9, D9, B4, D9, 20, B4, D9, BF, EE, B7, CE, B4, F5, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5377

Developed / compiled with:
Microsoft Visual C++

Code size:
772 KB (790,528 bytes)

The file 30-11180_lingoes_2.7.5.exe has been seen being distributed by the following 3 URLs.

http://utilbada.com/.../file_down.php?u=30-10247_dotnetfx40_full_setup.exe

http://cfile210.uf.daum.net/.../217BB53F51EC900B36C31A

Remove 30-11180_lingoes_2.7.5.exe - Powered by Reason Core Security