bandicam20turkc.exe

Setup

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

The application bandicam20turkc.exe by Dey yazilim ve internet hizmetleri san. tic. ltd. sti. has been detected as adware by 21 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen downloaded from ultrauploadshare.com and multiple other hosts.
Publisher:
Ceziro (signed by Dey yazilim ve internet hizmetleri san. tic. ltd. sti.)

Product:
Setup

Description:
Good Setup

Version:
1.1.2.0

MD5:
547cb17a09dfc5a41324d32d6cdd084a

SHA-1:
1040b77b5b9f484d29949c4fbb6a773ce12c6627

SHA-256:
9ef52b55cd3da226c1685954a03f101815c95493a63e173a07eda826ad03738d

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
12/23/2024 10:11:56 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.StartPage | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.Downware | 2015.03.12 |
| Avira AntiVirus | Adware/Joedown.475352 | 7.11.216.120 |
| AVG | Generic | 2016.0.3173 |
| Comodo Security | ApplicUnwnt | 21380 |
| Dr.Web | Trojan.KillFiles.18730 | 9.0.1.071 |
| ESET NOD32 | MSIL/Adware.Joedown (variant) | 9.11307 |
| Fortinet FortiGate | Adware/Agent | 3/12/2015 |
| G Data | Win32.Application.Agent.Q6QVBH | 15.3.25 |
| IKARUS anti.virus | not-a-virus:AdWare.MSIL.Agent | t3scan.1.8.6.0 |
| K7 AntiVirus | Adware | 13.200.15238 |
| Kaspersky | not-a-virus:AdWare.MSIL.Agent | 14.0.0.2358 |
| McAfee | Artemis!547CB17A09DF | 5600.6829 |
| Panda Antivirus | Generic Suspicious | 15.03.12.11 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Amonitize | 15.3.12.11 |
| Sophos | Generic PUA BA | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0EBC0EC615 | 7.2.71 |
| Trend Micro | TROJ_GEN.R0EBC0EC615 | 10.465.12 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38356 |

File size:
464.2 KB (475,352 bytes)

Product version:
1.1.2.0

Copyright:
Ceziro

Trademarks:
Ceziro

Original file name:
Ceziro.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\bandicam20turkc.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/12/2014 2:00:00 AM

Valid to:
3/13/2015 1:59:59 AM

Subject:
CN=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., O=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., STREET=kuloglu mah alyon gecidi sok, STREET=beyoglu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD3AA42CD883A6D47CC56CDA9837EB85

File PE Metadata
Compilation timestamp:
2/26/2015 5:50:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:4fMGsgL7GZOsLa30hTbeS/J1s0ldUmx/bLbYnwch3SLTBYUT:4f/nGZY09KS/J1sGdUmx/bwnwccLX

Entry address:
0x6322E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
389 KB (398,336 bytes)

The file bandicam20turkc.exe has been seen being distributed by the following 2 URLs.
