archive.rar.exe

Vertiogertos

UKRANIAN MOBILE GROUP

The application archive.rar.exe (file description: “DeviantArt is the world's largest online social community for artists and art enthusiasts, allowing people to connect through the”) by UKRANIAN MOBILE GROUP has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

Publisher:
flasH mea DeviantArt is the world's largest online social community for artists and art enthusiasts, allowing people to connect through the  (signed by UKRANIAN MOBILE GROUP)

Product:
Vertiogertos

Description:
DeviantArt is the world's largest online social community for artists and art enthusiasts, allowing people to connect through the

Version:
1.00.0279

MD5:
2a0a769e3c5b910b0c9e9d9592a914ce

SHA-1:
e61ee8323b0fdfcadbdad014c001a35f86916001

SHA-256:
266d46e7f6cc5584321c6746d7fbcfb22d92a440ba3c310c0f1a983ccc07d6ad

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 9:08:08 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.1.14.18

File size:
2.8 MB (2,911,560 bytes)

Product version:
1.00.0279

Trademarks:
DeviantArt is the world's largest online social community for artists and art enthusiasts, allowing people to connect through the

Original file name:
NEOwzcu.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\archive.rar.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/15/2016 4:00:00 AM

Valid to:
3/16/2017 3:59:59 AM

Subject:
CN=UKRANIAN MOBILE GROUP, O=UKRANIAN MOBILE GROUP, STREET=str. Lenina 1/65-H, L=Ilyichevsk, S=Odessa Oblast, PostalCode=68000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
10048E265E81FBBB408D53D47361DE6E

File PE Metadata
Compilation timestamp:
4/6/2016 11:48:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1180

Entry point:
68, 08, 12, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, CD, E6, 72, EA, 24, DD, 2C, 4A, 8D, BB, 02, 72, 9C, E1, 81, 0A, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 40, 00, 00, 00, 01, 00, 56, 65, 72, 74, 69, 6F, 67, 65, 72, 74, 6F, 73, 00, 00, 00, 00, 00, 00, 00, 00, 06, 00, 00, 00, F0, 66, 40, 00, 07, 00, 00, 00, 7C, 36, 40, 00, 07, 00, 00, 00, 10, 36, 40, 00, 07, 00, 00, 00, B0, 35, 40, 00, 07, 00, 00, 00, 4C, 35, 40, 00, 07, 00, 00, 00, 48, 34, 40, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
144 KB (147,456 bytes)
