320044_superfastdownload000_site

XCDPack

Tekhniks Resurs, TOV

The file 320044_superfastdownload000_site, “NeedfullSoft XCD Pack” by Tekhniks Resurs, TOV has been detected as a potentially unwanted program by 5 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
NeedfullSoft  (signed by Tekhniks Resurs, TOV)

Product:
XCDPack

Description:
NeedfullSoft XCD Pack

Version:
7.24.4.6

MD5:
02d6a92550a1954c83667a02b7a1e143

SHA-1:
9db3f21bb8c4cfaca0fbc9726ad4808760a4a063

SHA-256:
85c1a2e0b6ff75aad5f5d1c7ab1c24991da6c96be628aa168e706dc004105cf2

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 4:30:35 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.15971, Trojan.Amonetize.13522
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Strictor.110521
16.07.18

ESET NOD32
Win32/Amonetize.VR potentially unwanted application
8.0.319.0

F-Secure
Variant.Strictor.110521
5.15.96

Reason Heuristics
PUP.Amonetize.Tekhniks (M)
16.7.18.18

File size:
857.4 KB (877,931 bytes)

Product version:
7.24.4.6

Original file name:
xcd.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\idm\dwnldata\fab tech0728913727\320044_superfastdownload000_site_341\320044_superfastdownload000_site

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/29/2016 12:00:00 AM

Valid to:
6/29/2017 11:59:59 PM

Subject:
CN="Tekhniks Resurs, TOV", OU=IT, O="Tekhniks Resurs, TOV", STREET="bul. Ivana Lepse, 4", L=Kyyiv, S=Kyyiv, PostalCode=03067, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4BDBA94B8C9A739276B632612DDCA129

File PE Metadata
Compilation timestamp:
7/16/2016 3:08:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:xC0RkWQJFL06WlS+rp3Pp3qkgRHAujGL3l12adGb1On6185zkotE56KJSrs4uTd8:g+lQ+dskgG12R1O61UQAL4SrwTwx

Entry address:
0x361C

Entry point:
E8, A7, 22, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, FF, 15, 70, 30, 42, 00, 6A, 01, A3, 2C, D7, 42, 00, E8, 53, 29, 00, 00, FF, 75, 08, E8, CE, 28, 00, 00, 83, 3D, 2C, D7, 42, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 39, 29, 00, 00, 59, 68, 09, 04, 00, C0, E8, 9C, 28, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 79, 78, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 10, D5, 42, 00, 89, 0D, 0C, D5, 42, 00, 89, 15, 08, D5, 42, 00, 89, 1D, 04, D5, 42, 00, 89, 35, 00, D5, 42, 00, 89, 3D, FC...
 
[+]

Entropy:
6.9682

Code size:
135 KB (138,240 bytes)

Remove 320044_superfastdownload000_site - Powered by Reason Core Security