adv_57.exe

IMedia Holdings Ltd.

The application adv_57.exe by IMedia Holdings has been detected as adware by 9 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer, and it is typically executed from the user's temporary directory. The file has been observed being downloaded from cached.dataurls.com.

Publisher:
IMedia Holdings Ltd.  (signed and verified)

Description:
Install

Version:
2.06.19.0

MD5:
5ff375b95f121f80b6cb5e43ba5f9370

SHA-1:
b3b824707139045b510d812df220ec317f9223b5

SHA-256:
8e3acbe163fbc1f2281d56574474d2b8ccc1b9891a25279c417a938c08c54c96

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
1/13/2025 8:25:19 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-PUP/Salus | 2015.06.19 |
| avast! | NSIS:Adware-RD [Adw] | 2014.9-150619 |
| AVG | Generic | 2016.0.3073 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Salus.11 | 9.0.1.0170 |
| ESET NOD32 | Win32/Adware.Salus.E.Gen | 9.11810 |
| K7 AntiVirus | Adware | 13.205.16293 |
| Malwarebytes | PUP.Optional.PrxySvrRST | v2015.06.19.04 |
| Reason Heuristics | PUP.iMedia.IMediaHoldings.Installer (M) | 15.6.19.12 |

File size:
3.9 MB (4,069,184 bytes)

Copyright:
© 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\adv_57.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/18/2015 8:00:00 PM

Valid to:
12/25/2015 6:59:59 PM

Subject:
CN=IMedia Holdings Ltd., OU=IMedia Holdings Ltd., O=IMedia Holdings Ltd., STREET=63 Hoi Yuen Road Kwun Tong, L="Kwun Tong, Kowloon", S=Kowloon, PostalCode=000000, C=HK

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4CCDC952B43D5F4E4C9E99C70634ACF1

File PE Metadata
Compilation timestamp:
12/25/2013 12:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:l5d9dAnXmrj6qFwPs7YwkjtjOysLs8D2EqZoH5GtIQfPtTm7tQ:jmnw7is8wkjdALQpoZ6IQNV

Entry address:
0x3219

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 37, 42, 00, E8, AD, 2D, 00, 00, A3, E4, 36, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, EC, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 2E, 42, 00, E8, 57, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 45, 2A...
 
Entropy:
7.9994

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file adv_57.exe has been seen being distributed by the following URL.
