36633-jovesmodpack 0 9 2 v13 0.exe

Online story

The application 36633-jovesmodpack 0 9 2 v13 0.exe by Online story has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from forces.mind-club.ru.
Publisher:
Online story  (signed and verified)

MD5:
0aa0808666d0782322f12b4ec30fdfb7

SHA-1:
b8bb2385a55e87dd64255f08c09ccdcadca7c038

SHA-256:
a046820121010addc5f9561806c87ad87a750a62c3cd62cd0673f6a0601d6c68

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 3:26:46 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Zusy.98223 | 917 |
| Avira AntiVirus | APPL/LoadMoney.qoyr | 7.11.164.242 |
| avast! | Win32:LoadMoney-FA [PUP] | 140617-1 |
| AVG | Adware LoudMo.O | 2014.0.3986 |
| Bitdefender | Gen:Variant.Zusy.98223 | 1.0.20.1070 |
| Comodo Security | TrojWare.Win32.Trojan.Vundo.GenW | 19052 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.98223 | 8.14.08.02.03 |
| ESET NOD32 | Win32/AdWare.LoadMoney.OT (variant) | 8.10191 |
| F-Secure | Gen:Variant.Zusy.98223 | 11.2014-02-08_7 |
| G Data | Gen:Variant.Zusy.98223 | 14.8.24 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.LMN | 15.0.0.494 |
| Malwarebytes | PUP.Optional.LoadMoney | v2014.08.02.03 |
| McAfee | Generic Obfuscated.g | 5600.7051 |
| MicroWorld eScan | Gen:Variant.Zusy.98223 | 15.0.0.642 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.02.03 |
| Qihoo 360 Security | Win32/Trojan.519 | 1.0.0.1015 |
| Sophos | Generic PUA LI | 4.98 |
| Vba32 AntiVirus | SScope.Downware.LMN | 3.12.26.3 |
| VIPRE Antivirus | Threat.4657539 | 31208 |

File size:
542.6 KB (555,656 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/15/2014 3:00:00 AM

Valid to:
6/26/2015 2:59:59 AM

Subject:
CN=Online story, OU=Online story, O=Online story, L=Moscow, S=Moscow region, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1344520A9BCE2AEAD45E4E26D52C4C48

File PE Metadata
Compilation timestamp:
7/30/2014 3:04:37 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
25.6

CTPH (ssdeep):
12288:vwwi9/8Slp8G4Ooq1F55zdVDv1oewj1N+:s9//laUzdVD9oVju

Entry address:
0x86AD

Entry point:
64, 8B, 1D, 30, 00, 00, 00, 0F, B6, 5B, 02, 85, DB, 0F, 85, 84, 03, 00, 00, 64, 8B, 2D, 30, 00, 00, 00, 8B, 6D, 0C, 83, C5, 14, 8B, 6D, 00, 8B, 75, 28, B9, 1A, 00, 00, 00, BA, 83, B2, E5, DD, 81, C2, D8, 3A, 60, 22, 42, 8A, 06, 46, 3C, 61, 7C, 02, 2C, 20, 34, 14, 38, 02, 75, DA, 49, 75, ED, 8B, 6D, 10, 8B, 55, 3C, 01, EA, 8B, 52, 78, 01, EA, 8B, 5A, 18, B8, DC, CA, 20, 37, 05, 9C, 22, 25, C9, 89, 18, 8B, 5A, 20, 01, EB, 83, C0, 04, 89, 18, 8B, 5A, 24, 01, EB, 83, C0, 04, 89, 18, 8B, 5A, 1C, 01, EB, 83, C0...
 

Code size:
412 KB (421,888 bytes)

The file 36633-jovesmodpack 0 9 2 v13 0.exe has been seen being distributed by the following URL.
