30-11181_novicorp_wintoflash_0.7.0000_beta.zip-1.exe

raonmedia

The application 30-11181_novicorp_wintoflash_0.7.0000_beta.zip-1.exe by raonmedia has been detected as a potentially unwanted program by 22 anti-malware scanners. The file has been seen being downloaded from www.utilbada.com and multiple other hosts.
Publisher:
raonmedia  (signed and verified)

MD5:
d2f5a29c6a02cb06a555dcf7c3e1adcc

SHA-1:
6128c655c903ca74dd18ba8663970f9458e4a5c3

SHA-256:
039b0be023136718ae8a13823e994a28631574bdc3f16fce7dd5dc6a6e83e4f3

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 11:12:49 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.572159
940

Agnitum Outpost
Adware.Kraddare
7.1.1

AhnLab V3 Security
PUP/Win32.MulDown
2014.06.03

Avira AntiVirus
Adware/Kraddare.TY
7.11.152.208

avast!
Win32:PUP-gen [PUP]
2014.9-140709

AVG
Generic5
2015.0.3418

Bitdefender
Application.Generic.572159
1.0.20.950

Bkav FE
W32.Clod3ca.Trojan
1.3.0.4959

Comodo Security
UnclassifiedMalware
18421

Dr.Web
Adware.Downware.1362
9.0.1.0190

F-Secure
Application.Generic.572159
11.2014-09-07_4

G Data
Application.Generic.572159
14.7.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.178.12292

Kaspersky
not-a-virus:Downloader.Win32.Agent
14.0.0.3586

Malwarebytes
Adware.Kraddare
v2014.07.09.07

MicroWorld eScan
Application.Generic.572159
15.0.0.570

NANO AntiVirus
Trojan.Win32.Downware.ccomud
0.28.0.60100

Reason Heuristics
PUP.raonmedia.n
14.7.9.19

Rising Antivirus
PE:Trojan.Win32.Generic.1418C99F!337168799
23.00.65.14707

Sophos
Generic PUA GB
4.98

VIPRE Antivirus
Trojan.Win32.Generic
29894

File size:
971.8 KB (995,096 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/16/2012 9:00:00 AM

Valid to:
12/16/2013 8:59:59 AM

Subject:
CN=raonmedia, OU=Dev Team, O=raonmedia, L=Suyeong-gu, S=Busan, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5FC2DE72EA6052BCACCB8BEA3BE6A522

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:vE1rL12HaBvu57/cWmQ0ufddhPH/1hy6et53H:s1rLksyIKfPsb3H

Entry address:
0xCB420

Entry point:
55, 8B, EC, 83, C4, F0, B8, A0, AD, 4C, 00, E8, 44, B6, F3, FF, A1, 48, 03, 4D, 00, 8B, 00, E8, BC, A0, FA, FF, A1, 48, 03, 4D, 00, 8B, 00, BA, 80, B4, 4C, 00, E8, AB, 9C, FA, FF, 8B, 0D, 84, FD, 4C, 00, A1, 48, 03, 4D, 00, 8B, 00, 8B, 15, BC, 7E, 4C, 00, E8, AB, A0, FA, FF, A1, 48, 03, 4D, 00, 8B, 00, E8, 1F, A1, FA, FF, E8, 7A, 91, F3, FF, 00, 00, FF, FF, FF, FF, 11, 00, 00, 00, C0, AF, C6, BF, B9, D9, B4, D9, 20, B4, D9, BF, EE, B7, CE, B4, F5, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.6080

Developed / compiled with:
Microsoft Visual C++

Code size:
809.5 KB (828,928 bytes)

The file 30-11181_novicorp_wintoflash_0.7.0000_beta.zip-1.exe has been seen being distributed by the following 2 URLs.

http://www.utilbada.com/.../file_down.php?u=-8931_mx330swin64101ea24.exe