home

autodesk_maya_2014.exe

CORLEON GROUP LTD

The application autodesk_maya_2014.exe by CORLEON GROUP has been detected as adware by 14 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from c7wfjzedvf993ij.nonulm.ru.
Publisher:
CORLEON GROUP LTD  (signed and verified)

Version:
1.0.0.0

MD5:
9ace78f4e691d597ee0810eca7ebc367

SHA-1:
b3d1de3fb01357d3c6f2c31d21e744b0967e30c8

SHA-256:
0a50ad0015d01b9a1a92b876d59bcd3c5065a56ee470547a65c9b1ff59f1fd7c

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
1/16/2025 6:50:54 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/InstallMonst.QA
7.11.189.180

avast!
Win32:InstallMonstr-DY [PUP]
2014.9-141203

AVG
Adware Generic5
2015.0.3272

Dr.Web
Trojan.InstallMonster.242
9.0.1.0337

ESET NOD32
Win32/InstallMonstr.ER.Gen potentially unwanted application
8.7.0.302.0

G Data
Win32.Application.Installmonstr
14.12.24

K7 AntiVirus
Unwanted-Program
13.186.14198

NANO AntiVirus
Trojan.Win32.InstallMonster.dagkpn
0.28.6.63726

Panda Antivirus
PUP/InstallMonstr
14.12.03.12

Reason Heuristics
PUP.CORLEONGROUP.S
14.8.7.1

Sophos
Install Monster
4.98

Vba32 AntiVirus
BScope.P2P-Worm.Palevo
3.12.26.3

VIPRE Antivirus
Threat.4845009
35224

File size:
3 MB (3,181,256 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\autodesk_maya_2014.exe

Digital Signature
Signed by:
CORLEON GROUP LTD

Authority:
VeriSign, Inc.

Valid from:
1/16/2014 4:00:00 AM

Valid to:
1/17/2015 3:59:59 AM

Subject:
CN=CORLEON GROUP LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CORLEON GROUP LTD, L=Mahe, S=Maine, C=SC

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
05D1EDA621A201F36C3E158FEB2D4DC2

File PE Metadata
Compilation timestamp:
6/3/2014 4:51:45 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:wy2GbtyoASJN77FSYmnfRXhQDDdNBcrVm7YMWq3:wXgtyo9JV+fZh7roUM93

Entry address:
0x5BCFF0

Entry point:
60, BE, 00, 40, 77, 00, 8D, BE, 00, D0, C8, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA]

Code size:
2.3 MB (2,400,256 bytes)

The file autodesk_maya_2014.exe has been seen being distributed by the following URL.

http://c7wfjzedvf993ij.nonulm.ru/.../?j=c2lkPTUzNjQmdXJsPWh0dHAlM0ElMkYlMkZzZXJ2ZXJ0dW1uZXcucnUlMkZmYXN0JTJGbmV3JTJGQXV0b2Rlc2tfTWF5YV8yMDE0LnJhciZuYW1lPUF1dG9kZXNrX01heWFfMjAxNCZ0eXBlPSZzaXplPSZybmQwPTQ3ODUyMDM3MTcxODMz

Remove autodesk_maya_2014.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.