home

archive.rar.exe

Vertiogertos

UKRANIAN MOBILE GROUP

The application archive.rar.exe, “DeviantArt is the world's largest online social community for artists and art enthusiasts, allowing people to connect through the” by UKRANIAN MOBILE GROUP has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
flasH mea DeviantArt is the world's largest online social community for artists and art enthusiasts, allowing people to connect through the  (signed by UKRANIAN MOBILE GROUP)

Product:
Vertiogertos

Description:
DeviantArt is the world's largest online social community for artists and art enthusiasts, allowing people to connect through the

Version:
1.00.0279

MD5:
a69d26e2b6bbec9b690a04728d365191

SHA-1:
da3af9d10e8884c276112b7168d7bd73c00d4766

SHA-256:
328345b3cfbec42335455dde405313e3cf3292c5cfde2c1fe2ae5b1b14e94163

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:55:50 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonetize (M)
17.1.14.18

File size:
2.8 MB (2,911,560 bytes)

Product version:
1.00.0279

Trademarks:
DeviantArt is the world's largest online social community for artists and art enthusiasts, allowing people to connect through the

Original file name:
NEOwzcu.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\archive.rar.exe

Digital Signature
Signed by:
UKRANIAN MOBILE GROUP

Authority:
COMODO CA Limited

Valid from:
3/15/2016 4:00:00 AM

Valid to:
3/16/2017 3:59:59 AM

Subject:
CN=UKRANIAN MOBILE GROUP, O=UKRANIAN MOBILE GROUP, STREET=str. Lenina 1/65-H, L=Ilyichevsk, S=Odessa Oblast, PostalCode=68000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
10048E265E81FBBB408D53D47361DE6E

File PE Metadata
Compilation timestamp:
4/6/2016 11:48:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1180

Entry point:
68, 08, 12, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, CD, E6, 72, EA, 24, DD, 2C, 4A, 8D, BB, 02, 72, 9C, E1, 81, 0A, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 40, 00, 00, 00, 01, 00, 56, 65, 72, 74, 69, 6F, 67, 65, 72, 74, 6F, 73, 00, 00, 00, 00, 00, 00, 00, 00, 06, 00, 00, 00, F0, 66, 40, 00, 07, 00, 00, 00, 7C, 36, 40, 00, 07, 00, 00, 00, 10, 36, 40, 00, 07, 00, 00, 00, B0, 35, 40, 00, 07, 00, 00, 00, 4C, 35, 40, 00, 07, 00, 00, 00, 48, 34, 40, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
144 KB (147,456 bytes)

Remove archive.rar.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.