applow.exe

The application applow.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from i1.proffiiget.in and multiple other hosts.
Publisher:
Sdtsd

Product:
Xoqjpwljbz

Description:
Tnkjvaaulvc

Version:
1.0.0.0

MD5:
cdf95ba511a1fd9775433172fb40c396

SHA-1:
0e336affc7e54b95c3521bbaaec3de5597cce6f4

SHA-256:
2de56386a0134fea97a89b73fa51c75f0e235a05acf66ffb68481e6fecdef7d0

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/25/2024 1:32:36 PM UTC

Scan engine: Detection (Engine version)

Baidu Antivirus: Trojan.Win32.ScrambleWrapper (4.0.3.131223)
Dr.Web: Trojan.Crossrider.20 (9.0.1.0357)
ESET NOD32: Win32/Packed.ScrambleWrapper (7.9190)
Malwarebytes: PUP.Optional.Bundler (v2013.12.23.04)
Reason Heuristics: Unnamed.Threat.14 (14.3.3.11)
SUPERAntiSpyware: Trojan.Agent/Gen-Falprod[private] (10891)

File size:
5 MB (5,231,587 bytes)

Copyright:
Oksxnrhvhzbgk

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\applow.exe

File PE Metadata
Compilation timestamp:
2/19/2012 7:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:WbWiLlgYzp/b9t99Wn9oIJ2kiEH0NRcYGQ4pKsX29h/CGZ+WQmJooh4:W60lgQpT9TM9olkzUI9QWX21Zn4

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...

Entropy:
7.9981 (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file applow.exe has been seen being distributed by the following 2 URLs.

Remove applow.exe - Powered by Reason Core Security