adwcleaner_3.310.exe

The executable adwcleaner_3.310.exe has been detected as malware by 4 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from toolslib.net and multiple other hosts. While running, it connects to the Internet address filer-whg.archive-host.com on port 80 using the HTTP protocol.
Version:
3.3.1.0

MD5:
1b151cce618be06c22b55fd4b502b75e

SHA-1:
216c151e6a4d5e0c9c84590d9b2839b8de78eaab

SHA-256:
b8bb0cde9661e6a0af6001f85fca94e5f78578829e675f39f2b44bacf20a14d1

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/16/2024 6:39:57 AM UTC

Scan engine          Detection                Engine version
Bkav FE              HW32.Paked               1.3.0.4959
Comodo Security      Packed.Win32.MUPX.Gen    19623
K7 AntiVirus         Trojan                   13.183.13490
Reason Heuristics    (M)                      16.6.6.1

File size:
1.3 MB (1,373,475 bytes)

Product version:
3.3.8.1

File type:
Executable application (Win32 EXE)

Language:
French (France)

File PE Metadata
Compilation timestamp:
1/29/2012 10:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:SthEVaPqLG2dws4o6TJrjGu60IZlRPCW8t7po1hHlKqBtws7GkyI/SK:qEVUcGIiJPJ6vZn98tUnbqfK

Entry address:
0xC4E80

Entry point:
60, BE, 00, 30, 48, 00, 8D, BE, 00, E0, F7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file adwcleaner_3.310.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 1,057 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to filer-whg.archive-host.com  (37.187.30.172:80)

TCP (HTTP):
Connects to www.autoitscript.com  (212.227.91.231:80)
