» aktywator.exe
Overview
Analysis
File Details
Programs (1)
Downloads (7)

aktywator.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.farmupdatebits.com and multiple other hosts.

File name:

aktywator.exe

Version:

3.4.0.131

MD5:

e500a5f17c3cedc830721070cd5b8b80

SHA-1:

5467b52547467a4fc6816d75cde00615913afc7d

SHA-256:

9c03c4e08e6b3afd10e337a772d9384d7ef454ca9df1dcfdc02a32bce148d049

Scanner detections:

5 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

11/5/2024 2:44:17 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Hacktool.Win32.Packed.Themida

4.0.3.151028

Bkav FE

HW32.Packed

1.3.0.7383

Comodo Security

UnclassifiedMalware

23491

ESET NOD32

Win32/Packed.Themida suspicious (variant)

9.12480

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.151026

File size:

3.2 MB (3,347,968 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\aktywator.exe

File PE Metadata

Compilation timestamp:

9/29/2015 11:05:55 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:Ye4pe+LROHs/SYKH2gYoZ8zF5tqVjCkK:PeFOHFYKHjYI2FG5

Entry address:

0x88B000

Entry point:

EB, 08, 0F, F4, 32, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, B9, 1B, 00, 00, 01, 00, 30, 82, 1B, B5, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, A6, 30, 82, 1B, A2, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 21, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 12, 04, 82, 0F, 0E, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 07, 00, 00, 00, 26, 00, 00, 00, 01, 00, D9, F8, 34, 93, D3, CA, 49, 9B, 3A, 49, 19, AD, 13, 3C, D8, 56, 5C... 
[+]

Code size:

3 MB (3,104,256 bytes)

The file aktywator.exe has been discovered within the following program.

Polski VAG 4.9 by www.obd2.pl

www.obd2.pl

About 7% of users remove it

The file aktywator.exe has been seen being distributed by the following 7 URLs.

http://www.farmupdatebits.com/c?x=wpalKOc6m8SSxs7hCD4sohnWWmBxt7qn/WM/s15JxCI=&c=Mx2ic97VpkMkQ0hAfnz7f3dLcF7B4/.../YsrYepE9PPAXTY=

http://www.toursguardmeta.com/0HoGQd9Xp6rWf25lD64isz6RU50BbYvyfOJC86ZgsduggTizrC9v4Cu9JQF1a tIynxZzdkjsXcK6PsK9Y1NCWpiw0di3K3ZDlUWNyYdYi6CE4sNs5dhMjxUubFYDESHRqcnxsc 3PDjc7wMX AeflJN8c0bSksuZCUciu3B Ug 8JFAmdblqra71ZBkokB7ykBJJ7Onsli0j4Sce7G8KXihCNTz8 XRrsNvxZlbHAAKf2 jq4K2XzbshU1DPIcZt3y_vDt95BXijFIu04zXCDcT9Vu5Ho73cRMOfjD22OiL9HNaAj9Fl9sl7gxX MEBTlHDqhN3QlSaDjyQTlZlQL26MF9jlW_aSM0gCHH_QqQ6wtekG9IssZIAs4fKn_JVX4vVHKtnVk2vL4aKL82qYbSUwwYqMe7NgdOWTZNy8HiW_z9xuLs=-GzMAAARkm dlnvcI8QgyRKzAIQfs_yIJCMN64zpQboz8Ni5h5BmNT_bJULCjrPqXihz2DA==

http://www.purefoldercity.com/c?x=lrRmwqfNS8glxrgMV1wKzem 0f cZDaxuhzlsbdQ348=&c=cmGwQuAgH/syYwFEWVQ6dbuAtMYud8EDXyChbEpBWsuqD0iWjvOswhTXbfPB0XJ53xX1 4Elni di9k8l7/16gArvVwcUv3lgTZpUI2Qfaeak7DVP2Fl8i5pkxf5rJyC&downloadAs=polski-vag.exe&fallback_url=http://www.vag-tech.com/vagcanpro/.../aktywator.exe

http://www.cycletowerbest.com/c?x=qiDc6Gwriuk3JUZLhGt3WNB 7s6P7Su8WAGiYzbvTrw=&c=6PJ8I5gQz2ts XRCrrDzWX5i6qCtZphrpD6B9NMvn48nmIn7zkxrh6g2h0usbSd8lh6D6X MliNfoNaWuHJdKYBWjpfT8NTd04yeeVYnA2zSGp0SX3VJo4/SbFn180Cr&downloadAs=polski-vag.exe&fallback_url=http://www.vag-tech.com/vagcanpro/.../aktywator.exe

http://www.cycletowerbest.com/c?x=WLHFR0awajmR GYNvXKMZZUl0o7hgOCvNBCZa9q7vm0=&c=qWRJuXIEeR6KV3L3a8nzIg/aM5C2SQeI6S5Kml/B04c5x710eA4YMueU68pyyZy1cfGzw4UQWQmXVYCDvowNORvWO6lD0FIXMUYj22VsJmEBOIpIXi/KOlMAkzBIkhcE&downloadAs=polski-vag.exe&fallback_url=http://www.vag-tech.com/vagcanpro/.../aktywator.exe

http://www.purefoldercity.com/c?x=o43uGMpnt yupNYC/s76t6w0J81wmFSdzm3dJwx Pqw=&c= YxI3h3w79u/ p2irwd xdlPZv/1wocy8F R0SPWSyo4dKvuCsAG4gkieCUUFkarkeJHq0yuTiNbelwk z2sq5vE/e423/Z4d1iZsITaf0oASuv MKpjyT3907Dmpm5F&downloadAs=polski-vag.exe&fallback_url=http://www.vag-tech.com/vagcanpro/.../aktywator.exe

http://www.vag-tech.com/vagcanpro/.../aktywator.exe

Scan aktywator.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.