aktywator.exe

This is a setup program used to install the application. The file has been observed being downloaded from www.farmupdatebits.com and multiple other hosts.
Version:
3.4.0.131

MD5:
e500a5f17c3cedc830721070cd5b8b80

SHA-1:
5467b52547467a4fc6816d75cde00615913afc7d

SHA-256:
9c03c4e08e6b3afd10e337a772d9384d7ef454ca9df1dcfdc02a32bce148d049

Scanner detections:
5 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/25/2024 7:31:34 AM UTC  (today)

Scan engine | Detection | Engine version
Baidu Antivirus | Hacktool.Win32.Packed.Themida | 4.0.3.151028
Bkav FE | HW32.Packed | 1.3.0.7383
Comodo Security | UnclassifiedMalware | 23491
ESET NOD32 | Win32/Packed.Themida suspicious (variant) | 9.12480
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.151026

File size:
3.2 MB (3,347,968 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\aktywator.exe

File PE Metadata
Compilation timestamp:
9/29/2015 11:05:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:Ye4pe+LROHs/SYKH2gYoZ8zF5tqVjCkK:PeFOHFYKHjYI2FG5

Entry address:
0x88B000

Entry point:
EB, 08, 0F, F4, 32, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, B9, 1B, 00, 00, 01, 00, 30, 82, 1B, B5, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, A6, 30, 82, 1B, A2, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 21, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 12, 04, 82, 0F, 0E, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 07, 00, 00, 00, 26, 00, 00, 00, 01, 00, D9, F8, 34, 93, D3, CA, 49, 9B, 3A, 49, 19, AD, 13, 3C, D8, 56, 5C...
 

Code size:
3 MB (3,104,256 bytes)

The file aktywator.exe has been discovered within the following program.

Polski VAG 4.9 by www.obd2.pl
About 7% of users remove it
 

The file aktywator.exe has been seen being distributed by the following 7 URLs.

http://www.farmupdatebits.com/c?x=wpalKOc6m8SSxs7hCD4sohnWWmBxt7qn/WM/s15JxCI=&c=Mx2ic97VpkMkQ0hAfnz7f3dLcF7B4/.../YsrYepE9PPAXTY=

http://www.toursguardmeta.com/0HoGQd9Xp6rWf25lD64isz6RU50BbYvyfOJC86ZgsduggTizrC9v4Cu9JQF1a tIynxZzdkjsXcK6PsK9Y1NCWpiw0di3K3ZDlUWNyYdYi6CE4sNs5dhMjxUubFYDESHRqcnxsc 3PDjc7wMX AeflJN8c0bSksuZCUciu3B Ug 8JFAmdblqra71ZBkokB7ykBJJ7Onsli0j4Sce7G8KXihCNTz8 XRrsNvxZlbHAAKf2 jq4K2XzbshU1DPIcZt3y_vDt95BXijFIu04zXCDcT9Vu5Ho73cRMOfjD22OiL9HNaAj9Fl9sl7gxX MEBTlHDqhN3QlSaDjyQTlZlQL26MF9jlW_aSM0gCHH_QqQ6wtekG9IssZIAs4fKn_JVX4vVHKtnVk2vL4aKL82qYbSUwwYqMe7NgdOWTZNy8HiW_z9xuLs=-GzMAAARkm dlnvcI8QgyRKzAIQfs_yIJCMN64zpQboz8Ni5h5BmNT_bJULCjrPqXihz2DA==

http://www.purefoldercity.com/c?x=lrRmwqfNS8glxrgMV1wKzem 0f cZDaxuhzlsbdQ348=&c=cmGwQuAgH/syYwFEWVQ6dbuAtMYud8EDXyChbEpBWsuqD0iWjvOswhTXbfPB0XJ53xX1 4Elni di9k8l7/16gArvVwcUv3lgTZpUI2Qfaeak7DVP2Fl8i5pkxf5rJyC&downloadAs=polski-vag.exe&fallback_url=http://www.vag-tech.com/vagcanpro/.../aktywator.exe
