burger-shop-2-ext.exe

ExentCtl Module

Exent Technologies Ltd.

The application burger-shop-2-ext.exe by Exent Technologies has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dts1.freeridegames.com and multiple other hosts.
Publisher:
Exent Technologies Ltd.  (signed and verified)

Product:
ExentCtl Module

Version:
07.02.00.01

MD5:
c48f0b7068b861afe798aac4d68b5967

SHA-1:
8b29ff1d9389daa540bd7bca0b16a1e72eff4633

SHA-256:
35442ea941d9969b860425af731ede076a777cb811816c8d3ce1337864e84455

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:58:27 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.Clod7ce.Trojan
1.3.0.4959

Comodo Security
TrojWare.Win32.Trojan.Agent.Gen
18257

Dr.Web
Adware.Downware.946
9.0.1.0195

Trend Micro House Call
TROJ_GEN.F47V0328
7.2.195

Zillya! Antivirus
Trojan.Jorik.Win32.160153
2.0.0.1785

File size:
764.4 KB (782,704 bytes)

Product version:
07.02.00.01

Copyright:
Copyright © 1996-2007 Exent Technologies Ltd. All rights reserved.

Original file name:
ExentCtl.ocx

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1\burger-shop-2-ext.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/29/2011 8:00:00 PM

Valid to:
4/19/2014 7:59:59 PM

Subject:
CN=Exent Technologies Ltd., OU=R&D, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Exent Technologies Ltd., L=Petah-Tikva, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
050462494E0565D5FACB8034FF1521E4

File PE Metadata
Compilation timestamp:
8/20/2008 9:51:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:UwE6qS+KnjhoSeqkeGk1YUTx4evkiGlT5R+F8l+dE+Q+oSIOC1ZlQ2sJooS1v:UR6qSPrGkyUV4eMiGRKETzOCfl5t

Entry address:
0x92B6

Entry point:
55, 8B, EC, 6A, FF, 68, 38, 24, 41, 00, 68, EC, D4, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 58, 21, 41, 00, 33, D2, 8A, D4, 89, 15, 44, 85, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 40, 85, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 3C, 85, 41, 00, C1, E8, 10, A3, 38, 85, 41, 00, 6A, 01, E8, 5C, 2F, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 96, 27, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
[+]

Entropy:
7.7674

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
68 KB (69,632 bytes)

The file burger-shop-2-ext.exe has been seen being distributed by the following 2 URLs.

http://dts1.freeridegames.com/frg_site/SDM/.../Burger-shop-2.exe

Remove burger-shop-2-ext.exe - Powered by Reason Core Security