aol_checker.exe

The executable aol_checker.exe has been detected as malware by 24 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from i1.reportbox3.info and multiple other hosts, a known adware distribution point operated by WEB PICK - INTERNET HOLDINGS LTD.
MD5:
a312e882f2512066a641aaa303ace0ce

SHA-1:
aade687972f92c65a1899fdb81dd3e0791947670

SHA-256:
59e72abe4d09f17f0402754bca0f1c2f20c9df13f127bc709bd7a72ac8d86b76

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
11/27/2024 4:58:39 AM UTC

Scan engine            | Detection                       | Engine version
-----------------------|---------------------------------|----------------
Agnitum Outpost        | Trojan.DL.Kaidos                | 7.1.1
AVG                    | Downloader.Generic13            | 2014.0.3617
Baidu Antivirus        | Trojan.Win32.Kaidos             | 4.0.3.131222
Bitdefender            | Trojan.Agent.AZPB               | 1.0.20.1780
Bkav FE                | W32.Clod7f1.Trojan              | 1.3.0.4261
Dr.Web                 | Trojan.DownLoad3.17034          | 9.0.1.0356
Emsisoft Anti-Malware  | Trojan.Agent.AZPB               | 8.13.12.22.06
ESET NOD32             | Win32/SProtector (variant)      | 7.8943
Fortinet FortiGate     | W32/Kaidos.D!tr.dldr            | 12/22/2013
F-Secure               | Trojan.Agent.AZPB               | 11.2013-22-12_1
G Data                 | Trojan.Agent.AZPB               | 13.12.22
IKARUS anti.virus      | Trojan-Downloader.Win32.Kaidos  | t3scan.2.0.127
Kaspersky              | Trojan-Downloader.Win32.Kaidos  | 14.0.0.4581
Malwarebytes           | Trojan.Agent.H                  | v2013.12.22.06
McAfee                 | Generic Downloader.x!gmq        | 5600.7273
NANO AntiVirus         | Trojan.Win32.Kaidos.bjlsur      | 0.26.0.55532
Norman                 | Suspicious_Gen5.IGHM            | 11.20131222
nProtect               | Trojan/W32.Agent.304640.GZ      | 13.10.21.03
Panda Antivirus        | W32/Vobfus.GEP.worm             | 13.12.22.06
Reason Heuristics      | Unnamed.Threat.23               | 14.3.3.11
Rising Antivirus       | Trojan.Win32.Generic.137211EB   | 23.00.65.131220
Sophos                 | Mal/Generic-S                   | 4.93
VIPRE Antivirus        | Trojan.Win32.Generic            | 22588
XVirus List            | Win.Detected                    | 2.3.31

File size:
297.5 KB (304,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\aol_checker.exe

File PE Metadata
Compilation timestamp:
5/21/2012 8:45:02 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:kLTLIynRhhVWD0ERkzZr8t6rYytKTLLxDS9dBiJTBdb1+j7soS:0T8OO0EOzE+dMLLx+9j0TBr6AoS

Entry address:
0xB6010

Entry point:
60, BE, 00, D0, 46, 00, 8D, BE, 00, 40, F9, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 2A, 4A, 0B, 00, 57, 83, C3, 04, 53, 68, 06, 90, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 00, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.9928  (probably packed)

Code size:
296 KB (303,104 bytes)

The file aol_checker.exe has been seen being distributed by the following 2 URLs.
