» AdMunch.exe
Overview
Analysis
File Details
Behaviors (1)

AdMunch.exe

Ad Muncher

Murray Hurps Software Pty Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Ad Muncher’.

File name:

AdMunch.exe

Publisher:

Murray Hurps Software Pty Ltd (signed and verified)

Product:

Ad Muncher

Version:

4.94.34121 (Free)

MD5:

a3407d81ed02f86fc2775f9b253a01ec

SHA-1:

363ed721c85692c993fdc1dbe39193ffa9c1c01d

SHA-256:

14a9d7bbfd2a60ca5cd6a476520bd2c943cd7688533e7780ab6eb76ab4070e9e

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/26/2024 10:57:19 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Kryptik.KGY trojan

6.3.12010.0

File size:

547.6 KB (560,760 bytes)

Product version:

4.94.34121 (Free)

Original file name:

AdMunch.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ad muncher\admunch.exe

Digital Signature

Signed by:

Murray Hurps Software Pty Ltd

Authority:

GoDaddy.com, Inc.

Valid from:

10/13/2014 5:25:47 AM

Valid to:

10/13/2015 5:25:47 AM

Subject:

CN=Murray Hurps Software Pty Ltd, O=Murray Hurps Software Pty Ltd, L=Box Hill, S=New South Wales, C=AU

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00C1A391D64C66

File PE Metadata

Compilation timestamp:

12/7/2026 7:34:11 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:DGTL2PeTIH7KaEV+QRYgrbMN4w9MEdcjhVNUmdH2OMQUptwkoSS:DGlT8S+ErbM99MdjlUmHM3w3

Entry address:

0x6B3190

Entry point:

60, BE, 00, 20, A3, 00, 8D, BE, 00, F0, 9C, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 43, 12, 6B, 00, 57, 83, C3, 04, 53, 68, 8E, 11, 08, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.9670 (probably packed)

Code size:

520 KB (532,480 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Ad Muncher

Command:

"C:\Program Files\ad muncher\admunch.exe" \bt

Scan AdMunch.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.