{blocked}.exe

PowerPack

Linkular LLC

The application {blocked}.exe by Linkular has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Linkular LLC  (signed and verified)

Product:
PowerPack

Version:
1.0.0.1040

MD5:
692d5a2cd159ee27e65923cf5570ff7b

SHA-1:
9c1d72efba9d87637e0569ccfaa9d7c3c847bb10

SHA-256:
d118cc0a9f9e78d9cd8cc966e88fbf03e60c81e9e84f3fff7616d3c00a22e36d

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
12/24/2024 12:23:02 PM UTC

Scan engine | Detection | Engine version
Comodo Security | Application.Win32.Linkular.AH | 20020
Dr.Web | Trojan.DownLoader7.10342 | 9.0.1.048
ESET NOD32 | Win32/Adware.Linkular.AC | 9.10688
K7 AntiVirus | Adware | 13.185.13943
Malwarebytes | Adware.Linkular | v2015.02.17.04
McAfee | Artemis!692D5A2CD159 | 5600.6851
Norman | Downloader | 11.20150217
Reason Heuristics | PUP.Linkular | 15.2.17.16
Sophos | Generic PUA JM | 4.98
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 34598

File size:
55.5 KB (56,848 bytes)

Product version:
1.0.0.1040

Copyright:
Linkular LLC, 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\otshot\otshot_postinstalloffer.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
8/26/2011 1:21:38 AM

Valid to:
8/26/2012 1:21:38 AM

Subject:
CN=Linkular LLC, O=Linkular LLC, L=Redondo Beach, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EC609E6ADB72F

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:84wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJ9IhoO0AVuf1w3375mMLntsri:vLXB65939tY6HBg4sXJOLnVsw337VLtX

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)
