activedancerguy.exe

Active Dancer Guy

ActiveDancer.com

The application activedancerguy.exe, “Self-Extracting Package for Active Dancer Guy” has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.activedancer.com.
Publisher:
ActiveDancer.com

Product:
Active Dancer Guy

Description:
Self-Extracting Package for Active Dancer Guy

Version:
6.0.0.1

MD5:
744ee4eaf0b40c9f1d418642ad902b5a

SHA-1:
f7a2e8dab7b96fc8dd9dae8b6ecb29568436f9a8

SHA-256:
eacf3c0d65c0d13454f0124807dc71fba9f1e96fb98b17d3cfb6e638344fd79a

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:42:00 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.Downloader.W32.Genome.qhzn!c
2.1.4+

Avira AntiVirus
TR/Dldr.Megone.702383
8.3.3.2

avast!
Win32:Malware-gen
2014.9-160306

Baidu Antivirus
Adware.Win32.Genome
4.0.3.1636

Comodo Security
UnclassifiedMalware
24432

G Data
Win32.Trojan.Agent.VJOTGC
16.3.25

IKARUS anti.virus
Trojan-Downloader.Win32.Genome
t3scan.2.0.8.0

K7 AntiVirus
Riskware
13.214.18938

Kaspersky
Trojan-Downloader.Win32.Genome
14.0.0.556

McAfee
Artemis!744EE4EAF0B4
5600.6468

NANO AntiVirus
Trojan.Win32.Genome.dzwhcs
1.0.18.6677

Quick Heal
TrojanDownloader.gen.r5
3.16.14.00

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16304

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
Trojan.Win32.Generic
47666

ViRobot
Trojan.Win32.A.Downloader.702383[h]
2014.3.20.0

Zillya! Antivirus
Downloader.Genome.Win32.56254
2.0.0.2704

File size:
685.9 KB (702,383 bytes)

Product version:
6.0.0.1

Copyright:
Copyright ActiveDancer.com

Trademarks:
ActiveDancer.com

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\activedancerguy.exe

File PE Metadata
Compilation timestamp:
4/14/2015 9:23:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
12288:YjyaCTIZeFP4tvIzDkbGKM58lA32DoHERcfQ0DkzPkegDQCfbDu/ikjoMaI:1eZsP4+zDkViN2iEafxUcegDxfuamH

Entry address:
0xB960

Entry point:
55, 89, E5, 6A, FF, 68, 28, 3D, 41, 00, 68, 48, CF, 40, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 83, EC, 08, 83, EC, 48, 53, 56, 57, 89, 65, E8, 68, 00, 00, 00, 02, E8, FD, 2E, 00, 00, 59, A3, A4, 50, 41, 00, E8, 12, 19, 00, 00, 85, C0, 74, 2F, C7, 45, FC, 00, 00, 00, 00, E8, 32, 1B, 00, 00, E8, ED, 1B, 00, 00, E8, 38, 1C, 00, 00, E8, 33, 20, 00, 00, E8, CE, 20, 00, 00, BB, 30, 4D, 41, 00, 81, FB, 30, 4D, 41, 00, 73, 1C, EB, 0D, 6A, FE, E8, 88, 21, 00, 00, 59, E9, 91, 00, 00, 00, FF, 13...
 
[+]

Entropy:
7.6300

Code size:
68.5 KB (70,144 bytes)

The file activedancerguy.exe has been seen being distributed by the following URL.

Remove activedancerguy.exe - Powered by Reason Core Security