ada.exe

The application ada.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. It is a setup program used to install the application, and it bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install. The file has been seen downloaded from weu1-api.asm.skype.com.

MD5: d988c9332bea99c425364aa94afb2099

SHA-1: b37d18c17adbf3a31ed8ac4f7616365e3cc4eb6d

SHA-256: ec8f140ceb0329a5099501be71079b4fafcf9bd13c07fd6a9266c0f58a197347

Scanner detections: 25 / 68

Status: Potentially unwanted

Analysis date: 11/27/2024 11:10:13 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Generic.1472901 | 370 |
| AegisLab AV Signature | Adwareare.Amonetize.Gen!c | 2.1.4+ |
| Agnitum Outpost | PUA.Amonetize | 7.1.1 |
| Avira AntiVirus | ADWARE/Amonetize.2067456 | 8.3.2.4 |
| Arcabit | Adware.Generic.D167985 | 1.0.0.646 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160130 |
| AVG | BundleApp | 2017.0.2848 |
| Baidu Antivirus | PUA.Win32.Amonetize | 4.0.3.16130 |
| Bitdefender | Adware.Generic.1472901 | 1.0.20.150 |
| Bkav FE | HW32.Packed | 1.3.0.7400 |
| Emsisoft Anti-Malware | Adware.Generic.1472901 | 8.16.01.30.03 |
| ESET NOD32 | Win32/Amonetize.IX potentially unwanted (variant) | 10.12923 |
| Fortinet FortiGate | Riskware/Amonetize | 1/30/2016 |
| F-Secure | Adware.Generic.1472901 | 11.2016-30-01_7 |
| G Data | Adware.Generic.1472901 | 16.1.25 |
| K7 AntiVirus | Adware | 13.212.18529 |
| MicroWorld eScan | Adware.Generic.1472901 | 17.0.0.90 |
| NANO AntiVirus | Riskware.Win32.Amonetize.dzrekn | 1.0.14.5380 |
| Panda Antivirus | Generic Suspicious | 16.01.30.03 |
| Qihoo 360 Security | Win32/Virus.Adware.939 | 1.0.0.1077 |
| Reason Heuristics | PUP.Amonetize (M) | 16.1.30.15 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16128 |
| Trend Micro | TROJ_GEN.R00JC0OAF16 | 10.465.30 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46750 |
| Zillya! Antivirus | Trojan.SuperThreat.Win32.11872 | 2.0.0.2628 |

File size: 2 MB (2,067,456 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\roaming\skype\my skype received files\ada.exe

File PE Metadata

Compilation timestamp: 1/2/2016 6:40:01 AM

OS version: 6.0

OS bitness: Win32

Subsystem: Windows Console

Linker version: 12.0

CTPH (ssdeep): 49152:dkRCiTzC3NZm/uFOFPoiXzWmtURYb+M0dk:KCiTz0VFijSmtH6bd

Entry address: 0x42A389

Entry point:
EB, 08, CA, 94, 1E, 00, 00, 00, 00, 00, E9, 42, 29, E2, FF, 00, 00, 00, 00, 00, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 10, 41, 00, F0, A3, 82, 00, 35, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 15, 73, 02, 00, 1F, 74, 02, 00, B0, C6, 02, 00, 3C, 09, 03, 00, C8, 13, 03, 00, A8, 29, 03, 00, 10...

Code size: 2 MB (2,065,920 bytes)

The file ada.exe has been seen being distributed by the following URL.
