» aktywatorwindows7__7934_il12344.exe
Overview
Analysis
File Details
Downloads (1)

aktywatorwindows7__7934_il12344.exe

Borussia Dortmund Demo

Develop Proekt, TOV

The application aktywatorwindows7__7934_il12344.exe, “Borussia Dortmund gmbh” by Develop Proekt, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

Borussia Dortmund (signed by Develop Proekt, TOV)

Product:

Borussia Dortmund Demo

Description:

Borussia Dortmund gmbh

Version:

2.10.26.43

MD5:

41e686481f46664ecb487c391b4659b1

SHA-1:

612f7503ff4be75bdd2734e5856076e4636865fd

SHA-256:

741992a6f2b4f75f24e04c83d3fa58c0e2cab2c173461338d966cf3b4e4edd05

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

12/22/2024 8:16:43 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonetize.DevelopP (M)

16.5.8.14

File size:

954.2 KB (977,095 bytes)

Product version:

2.10.26.43

Original file name:

bor.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\aktywatorwindows7__7934_il12344.exe

Digital Signature

Signed by:

Develop Proekt, TOV

Authority:

COMODO CA Limited

Valid from:

4/18/2016 12:00:00 AM

Valid to:

4/18/2017 11:59:59 PM

Subject:

CN="Develop Proekt, TOV", OU=IT, O="Develop Proekt, TOV", STREET="vul. PREDSLAVYNSKA, 34-B", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00BEE04287A1E0464634495BC96248B8F7

File PE Metadata

Compilation timestamp:

5/8/2016 1:06:25 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:8jH8L/wLKjUOPDFuQBtzCDrI3D3hCc0l02C4EJX41+4pLaIEhAiOP791oyLQ15ln:3W8NDN5CeLap1+4pLaIE89lLQr7d

Entry address:

0x39AC

Entry point:

E8, 05, 1B, 00, 00, E9, 7F, FE, FF, FF, 6A, 08, B8, 64, E7, 40, 00, E8, BD, 1C, 00, 00, FF, 75, 08, 83, 65, FC, 00, E8, F3, FD, FF, FF, 59, EB, 0D, 83, 65, EC, 00, B8, DB, 39, 40, 00, C3, 8B, 45, EC, E8, 55, 1C, 00, 00, C3, E8, 66, 0B, 00, 00, 85, C0, 75, 06, B8, C4, 51, 41, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, 32, 0B, 00, 00, 85, C0, 75, 06, B8, C0, 51, 41, 00, C3, 83, C0, 08, C3, 55... 
[+]

Code size:

54.5 KB (55,808 bytes)

The file aktywatorwindows7__7934_il12344.exe has been seen being distributed by the following URL.

http://610840.fullversiondownload.website/download11.php?x=ca6154b37338eccf70cbf84a75a5fde7&id=DawidJ1906&title=AktywatorWindows7

Remove aktywatorwindows7__7934_il12344.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.