» blank.exe
Overview
Analysis
File Details
Downloads (1)

blank.exe

LLC Audit Firm ACTIVE - AUDIT

The application blank.exe by LLC Audit Firm ACTIVE - AUDIT has been detected as adware by 18 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from 2mtsbajyxxpmvv3.bl-up.ru.

File name:

blank.exe

Publisher:

LLC Audit Firm ACTIVE - AUDIT (signed and verified)

Version:

1.0.0.0

MD5:

224be94aefc17afa9b6d2866aafa8cee

SHA-1:

3403106e29976dbdf32f8b3b090bba9d088d91e7

SHA-256:

e5403baf092ee6a72b4d50aeb3380678a08a88b25c3651a02687723624a0cce6

Scanner detections:

18 / 68

Status:

Adware

Analysis date:

12/28/2024 3:19:53 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.Downware

2015.06.02

Avira AntiVirus

ADWARE/InstaMon.enif

8.3.1.6

AVG

Adware BundleApp.AWS

2014.0.4311

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.InstallMonster.AK

22312

Dr.Web

Trojan.InstallMonster.1222

9.0.1.05190

ESET NOD32

Win32/InstallMonstr.JT potentially unwanted application

7.0.302.0

IKARUS anti.virus

AdWare.BundleApp

t3scan.1.9.2.0

K7 AntiVirus

Unwanted-Program

13.204.16103

Malwarebytes

PUP.Optional.InstallMonster

v2015.06.02.05

NANO AntiVirus

Trojan.Win32.InstallMonster.dqebkj

0.30.24.1636

Reason Heuristics

PUP.AuditFirmACTIVEAUDIT

15.6.2.0

Sophos

PUA 'Install Monster'

5.14

Vba32 AntiVirus

AdWare.FakeDownloader

3.12.26.4

VIPRE Antivirus

Mayris

40762

Zillya! Antivirus

Adware.FakeDownloader.Win32.1

2.0.0.2201

File size:

3 MB (3,133,984 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\blank.exe

Digital Signature

Signed by:

LLC Audit Firm ACTIVE - AUDIT

Authority:

COMODO CA Limited

Valid from:

3/16/2015 8:00:00 AM

Valid to:

3/16/2016 7:59:59 AM

Subject:

CN=LLC Audit Firm ACTIVE - AUDIT, O=LLC Audit Firm ACTIVE - AUDIT, STREET="Street General Naumov, 23-B", L=Kiev, S=Kiev, PostalCode=03115, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

009DD2457F22EC67AC4CCB9B15FE641C49

File PE Metadata

Compilation timestamp:

6/20/1992 6:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:jgKPQues0t39cB5rOzeJ7bBkAGBBJzEWkNgalIcxf/G3oH3/+OMsQplEFHc+qq5j:jBzedt396Wct4BEWkNgWIcVG3uP+OESP

Entry address:

0x9EB9B0

Entry point:

60, BE, 00, 20, B7, 00, 8D, BE, 00, F0, 88, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

2.5 MB (2,596,864 bytes)

The file blank.exe has been seen being distributed by the following URL.

http://2mtsbajyxxpmvv3.bl-up.ru/YWFmZ2NyYnNxZ3Z1dmd3ZG55cmtnZmV7InNpZCI6IjU1NjQiLCJ1cmwiOiJodHRwOlwvXC9tYXh0b3JyZW50LnByb1wvTWF4VG9ycmVudC5leGUiLCJuYW1lIjoiYmxhbmsuZXhlIiwidHlwZSI6Im5vdGVwYWQiLCJzaXplIjoxNTI0MzMzLCJ2ZXIiOiIxIiwicm5kMCI6ImIzOWMwZTA5Y2QzZjhjOTUxMzY4NjZmNjhiODVhOTUxIn0,

Remove blank.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.