avga8fd.exe

SilentInstaller

The application avga8fd.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from d2lpoftoo4hdad.cloudfront.net.
Product:
SilentInstaller

Version:
1.0.0.1

MD5:
886507819578cf66d6a920253143d6e4

SHA-1:
1f19d9679cef4dedc6474650399ebeb1f4873c7e

SHA-256:
1523fab7186643f2adb5250e28d66ae7ce8be8bb34150d0b96535ef71f1ab630

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 11:25:22 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.169798 | 429
AhnLab V3 Security | PUP/Win32.OfferInstaller | 2015.12.03
Avira AntiVirus | TR/Dropper.MSIL.Gen | 8.3.2.4
Arcabit | Trojan.Zusy.D29746 | 1.0.0.628
Baidu Antivirus | Adware.MSIL.Imali | 4.0.3.15123
Bitdefender | Gen:Variant.Zusy.169798 | 1.0.20.1685
Emsisoft Anti-Malware | Gen:Variant.Zusy.169798 | 8.15.12.03.11
ESET NOD32 | MSIL/Adware.Imali (variant) | 9.12661
Fortinet FortiGate | Adware/Agent | 12/3/2015
F-Secure | Gen:Variant.Zusy.169798 | 11.2015-03-12_5
G Data | Gen:Variant.Zusy.169798 | 15.12.25
IKARUS anti.virus | AdWare.MSIL.Imali | t3scan.1.9.5.0
Kaspersky | not-a-virus:AdWare.MSIL.Agent | 14.0.0.1028
MicroWorld eScan | Gen:Variant.Zusy.169798 | 16.0.0.1011
Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1077
SUPERAntiSpyware | Adware.Kazy/Variant | 9470

File size:
313 KB (320,512 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2014

Original file name:
SilentInstaller_dotnet2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\avga8fd.exe

File PE Metadata
Compilation timestamp:
12/1/2015 11:41:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:+bFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5VenmqekL:+RZwgVxGq86oH/MKvnolgZqeW

Entry address:
0x4F01E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.8796

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
308.5 KB (315,904 bytes)

The file avga8fd.exe has been observed being distributed from the following URL.

When executed, the file has been observed making the following network connection in live environments.

TCP (HTTP SSL):
Connects to a172-231-150-30.deploy.static.akamaitechnologies.com (172.231.150.30:443)

Remove avga8fd.exe - Powered by Reason Core Security