adv_64.exe

The application adv_64.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This file is typically installed with the program Remote Desktop Access (VuuPC) by CMI Limited, which is a potentially unwanted software program. The file has been seen being downloaded from dl1.downserver4.com and multiple other hosts. While running, it connects to the Internet address dl19.clickmein.com on port 80 using the HTTP protocol.
Description:
install

Version:
1.0.0.0

MD5:
6a579f7efe89c3939e7ce60fdca68f67

SHA-1:
f2251a7a386675fe43902adc0525d33672c8bb84

SHA-256:
22e16717ea7c46c3651fa854c2d617f55284be21c287474bec51d19b3d25592a

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:45:10 AM UTC

Scan engine         | Detection                      | Engine version
Baidu Antivirus     | PUA.Win32.VOPackage            | 4.0.3.141217
ESET NOD32          | Win32/VOPackage.AZ             | 8.10889
McAfee              | Artemis!6A579F7EFE89           | 5600.6914
Qihoo 360 Security  | HEUR/QVM42.0.Malware.Gen       | 1.0.0.1015
Rising Antivirus    | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.141215

File size:
307.8 KB (315,199 bytes)

Product version:
1.0.0.0

Copyright:
(c) 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\adv_64.exe

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:De34gTmkgOdkibyek1Lr+Ky69d3pkL75+ZPPfnE2Qyn2FEtt2NB6+sWk52B6+szg:GTlgWtb0Lr+9XLF+ZPPfnEUnsEWfXsW1

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.8952

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file adv_64.exe has been discovered within the following program.

Developed and distributed through a bundled installer from Click Me In. The software may be bundled by 3rd-party products using the InstallCore distribution platform.
vuupc.com/terms.html
About 82% of users remove it
 
Powered by Should I Remove It?

The file adv_64.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to ec2-54-243-188-194.compute-1.amazonaws.com (54.243.188.194:80)
TCP (HTTP): Connects to dl19.clickmein.com (50.7.184.162:80)
TCP (HTTP): Connects to ec2-54-228-251-241.eu-west-1.compute.amazonaws.com (54.228.251.241:80)
TCP (HTTP): Connects to ec2-204-236-237-88.compute-1.amazonaws.com (204.236.237.88:80)
TCP (HTTP): Connects to ec2-176-34-242-183.eu-west-1.compute.amazonaws.com (176.34.242.183:80)
TCP (HTTP): Connects to ec2-107-22-176-10.compute-1.amazonaws.com (107.22.176.10:80)
TCP (HTTP): Connects to ec2-107-21-92-72.compute-1.amazonaws.com (107.21.92.72:80)
TCP (HTTP): Connects to dl9.clickmein.com (50.7.241.202:80)
TCP (HTTP): Connects to dl22.clickmein.com (216.227.128.162:80)
TCP (HTTP): Connects to dl16.clickmein.com (50.7.99.2:80)
TCP (HTTP): Connects to dl11.clickmein.com (50.7.158.58:80)

Remove adv_64.exe - Powered by Reason Core Security