adblock.exe

The application adblock.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from tmpfile162.s3.amazonaws.com and multiple other hosts.
MD5:
22252a379ddd7cf629ca86583fb8eeef

SHA-1:
ef7b359d7f2844218b33cb2173eb79f27615236c

SHA-256:
9a93db5daf987659eaa408b020333aa97e646888ddd10ca7810d0417a7ed5268

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 12:30:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Bundler (M)

Engine version:
16.3.8.22

File size:
341.1 KB (349,270 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\adblock.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:Q8OZ1uIZjTse7GDcHeLMyVhozwFznw+UoAbxLdnbCuPr3znpKSbLSskKZ4Mk:E1uIhHGCejVhtw+UoAbFnpRaJV

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, BC, 56, 4D, 3D, 86, A5, E6, 24, CE, 53, 05, 00, AA, 98, 05, 00, 13, 00, 00, 00, 65, 78, 74, 65, 6E, 73, 69, 6F, 6E, 5F, 32, 5F, 32, 5F, 35, 2E, 63, 72, 78, 64, 77, 63, 6C, 2E, 0C, D0, 65, 6D, DB, B6, ED, DE, DA, B6, 6D, DB, 7D, 6A, DB, B8, B5, 6D, DB, 76, 6F, 6D, DB, 76, BF, 77, 93, DD, 64, 37, 3B, C9, 99, 49, 4E, E6, D7, 78, 44, 9C, 59, D8, 40, 80, 80, 80, 0A, FF, 43, C0, 7F, 60, 0A, CC, 63, 82, 87, 80, A6, 09, 93, 0C, 7B, 85, 07, 06, 06, 06, 07, 02, 0D, 8C, FD, 8F...
 
Entropy:
7.9993  (probably packed)

The file adblock.exe has been seen being distributed by the following 5 URLs.
