90fe887d.exe

The application 90fe887d.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. The file has been seen being downloaded from www.adscseed.info and multiple other hosts.
MD5:
dc338630a5ce095da8f7df212ba8976b

SHA-1:
0306ef8553fc801b474a1b79c607326d6c362c77

SHA-256:
4ed91c4ac83d5af0c7e5a7133805f2bed5d762cccc25b0e3954be8a8284eb636

Scanner detections:
31 / 68

Status:
Potentially unwanted

Analysis date:
12/29/2024 2:56:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.174180 | 343 |
| Agnitum Outpost | PUA.ExtCrome | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.MultiPlug | 2015.10.17 |
| Avira AntiVirus | TR/Black.Gen2 | 8.3.2.2 |
| Arcabit | Trojan.Adware.Graftor.D2A864 | 1.0.0.582 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160226 |
| AVG | Win32/DH{D3I1?} | 2017.0.2821 |
| Baidu Antivirus | Adware.Win32.Vonteera | 4.0.3.16226 |
| Bitdefender | Gen:Variant.Adware.Graftor.174180 | 1.0.20.285 |
| Comodo Security | ApplicUnwnt | 23429 |
| Dr.Web | Trojan.DownLoader12.15331 | 9.0.1.057 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.174180 | 8.16.02.26.11 |
| ESET NOD32 | Win32/AdWare.Vonteera (variant) | 10.12421 |
| Fortinet FortiGate | Riskware/Vonteera | 2/26/2016 |
| G Data | Gen:Variant.Adware.Graftor.174180 | 16.2.25 |
| IKARUS anti.virus | PUA.Vonteera | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.211.17567 |
| Kaspersky | not-a-virus:AdWare.Win32.ExtCrome | 14.0.0.600 |
| McAfee | Artemis!DC338630A5CE | 5600.6477 |
| Microsoft Security Essentials | BrowserModifier:Win32/Vonteera | 1.1.12101.0 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.174180 | 17.0.0.171 |
| NANO AntiVirus | Riskware.Win32.ExtCrome.dnjnjv | 0.30.26.3947 |
| Panda Antivirus | Generic Suspicious | 16.02.26.11 |
| Qihoo 360 Security | HEUR/QVM16.0.Malware.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.ExtCrome.g8 (Not a Virus) | 2.16.14.00 |
| Sophos | Generic PUA AD (PUA) | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-KD | 9299 |
| Vba32 AntiVirus | AdWare.ExtCrome | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44602 |
| ViRobot | Adware.Agent.1166336[h] | 2014.3.20.0 |
| Zillya! Antivirus | Adware.ExtCrome.Win32.254 | 2.0.0.2452 |

File size:
1.1 MB (1,166,336 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\90fe887d.exe

File PE Metadata
Compilation timestamp:
1/29/2015 4:32:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Hx2rADvj3YKEY0cKvyNhXCV4E8BXAfrnkcAqU0AM78nif+Mc5Aq:R2rAP3YRY0cKv+hyz8grnkQft78i2M

Entry address:
0x104B2F1

Entry point:
9C, E8, 11, 04, 00, 00, F5, 9C, 84, E4, C7, 04, 24, D9, C0, 07, 42, 9C, 8D, 64, 24, 44, 0F, 85, B0, 35, 00, 00, E8, D6, 03, 00, 00, 57, 9E, 15, AC, 23, FF, CE, 3A, 49, 60, 0F, 7C, 1A, AC, 13, 82, 75, 2A, 00, CD, F8, 57, 57, F6, AD, BA, 59, B2, CD, 1C, 6F, 1D, AF, D0, 8E, 43, 44, 27, 62, D2, A7, 02, 40, AB, C9, 1C, 6A, DD, EB, 61, AE, 5D, DB, 2A, 80, DF, 15, 60, DE, F5, 28, 99, 3D, F4, F6, 31, 93, 76, F4, 17, 45, AC, 01, 17, 50, 32, 26, C3, 63, 9D, 3C, C9, 14, 03, 3E, D7, 04, 4D, 6E, A1, 26, 49, B2, 61, 2E...
 

Entropy:
7.0911

Code size:
170.5 KB (174,592 bytes)

The file 90fe887d.exe has been seen being distributed by the following 2 URLs.

http://www.adscseed.info/.../a0a5cf5c3.exe
