archive.rar.exe

Macdoc

UKRANIAN MOBILE GROUP

The application archive.rar.exe, “We assume that expert E k reports his preferences” by UKRANIAN MOBILE GROUP, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

Publisher:
FLASh Mode MDRE present a different approach to (signed by UKRANIAN MOBILE GROUP)

Product:
Macdoc

Description:
We assume that expert E k reports his preferences

Version:
1.00.0570

MD5:
4a00cfe6c1ad95e8c3132cc1a94cc64b

SHA-1:
94de182b858bbd3cdd92722246965db347e5622f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:21:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.2.27.5

File size:
2.7 MB (2,840,992 bytes)

Product version:
1.00.0570

Original file name:
pAvqVSga.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\archive.rar.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/15/2016 3:00:00 AM

Valid to:
3/16/2017 2:59:59 AM

Subject:
CN=UKRANIAN MOBILE GROUP, O=UKRANIAN MOBILE GROUP, STREET=str. Lenina 1/65-H, L=Ilyichevsk, S=Odessa Oblast, PostalCode=68000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
10048E265E81FBBB408D53D47361DE6E

File PE Metadata
Compilation timestamp:
5/5/2016 10:54:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1414

Entry point:
68, 08, 8E, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 3B, 04, 1F, 67, FF, 5D, 81, 4B, 87, 70, 24, 21, C8, 46, FF, 55, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, B7, 02, 20, C1, 40, 00, 53, 65, 6E, 69, 61, 00, 40, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, 6E, BD, 40, 16, C4, EE, 89, 40, AF, 12, E1, 5A, D4, 9E, 34, DF, 99, BE, 94, 20, C8, 45, 10, 4E, AE, D9, 4B, A2, 3E, 64, E3, 8F, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
44 KB (45,056 bytes)
