daemon_tools_pro_advanced_6.1_key.exe

LLC Audit Firm ACTIVE - AUDIT

The application daemon_tools_pro_advanced_6.1_key.exe by LLC Audit Firm ACTIVE - AUDIT has been detected as adware by 17 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from ejfadrirru.nedelya-angarsk.ru.

Publisher:
LLC Audit Firm ACTIVE - AUDIT  (signed and verified)

Version:
1.0.0.0

MD5:
3a631ce85c716f91284928845e62efed

SHA-1:
05fc3deef5910993f4753982b176e6aa2dd4a43a

SHA-256:
72553260f2a4d292ac8559b82b1cc8a35ec060f392db168080bcecf524dc3cc3

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
11/27/2024 9:42:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| AVG | BundleApp | 2016.0.3132 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.InstallMonster.KS | 21850 |
| Dr.Web | Trojan.InstallMonster.1222 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallMonstr.JT potentially unwanted (variant) | 9.11510 |
| F-Prot | W32/Trojan5.LXL | 4.6.5.141 |
| IKARUS anti.virus | Gen.AdWare.SMSHoax | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.203.15663 |
| Malwarebytes | PUP.Optional.InstallMonster | v2015.04.21.05 |
| Reason Heuristics | Threat.AuditFirmACTIVEAUDIT | 15.4.21.12 |
| Sophos | Install Monster | 4.98 |
| Vba32 AntiVirus | AdWare.InstallMonster | 3.12.26.3 |
| VIPRE Antivirus | Threat.5064197 | 39354 |
| Zillya! Antivirus | Adware.InstallMonster.Win32.156 | 2.0.0.2147 |

File size:
7.9 MB (8,236,064 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/16/2015 6:00:00 AM

Valid to:
3/16/2016 5:59:59 AM

Subject:
CN=LLC Audit Firm ACTIVE - AUDIT, O=LLC Audit Firm ACTIVE - AUDIT, STREET="Street General Naumov, 23-B", L=Kiev, S=Kiev, PostalCode=03115, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009DD2457F22EC67AC4CCB9B15FE641C49

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:VGFcqmEvfNPwIXlxjHH1HHHH3WBLn/VKuz/1Cpk:VMcqmRelb2tNYpk

Entry address:
0x328BD4

Entry point:
55, 8B, EC, 83, C4, E8, 53, B8, D4, 7D, 72, 00, E8, 0B, EF, CD, FF, 33, C0, 55, 68, 6B, A0, 72, 00, 64, FF, 30, 64, 89, 20, 33, C0, A3, 58, E6, 76, 00, C6, 05, 7C, E6, 76, 00, A7, C6, 05, 7E, E6, 76, 00, FC, C6, 05, 7F, E6, 76, 00, 9C, C6, 05, 81, E6, 76, 00, 4F, A1, 58, E6, 76, 00, 0F, B6, 80, 7C, E6, 76, 00, 3D, A6, 00, 00, 00, 7D, 14, 83, E8, 11, 72, 30, 83, E8, 2B, 72, 3E, 83, E8, 6A, 72, 45, E9, 52, 0E, 00, 00, 05, 5A, FF, FF, FF, 83, E8, 04, 72, 49, 83, E8, 50, 0F, 82, 85, 09, 00, 00, 83, E8, 06, 0F...

Developed / compiled with:
Microsoft Visual C++

Code size:
3.2 MB (3,314,176 bytes)

The file daemon_tools_pro_advanced_6.1_key.exe has been seen being distributed by the following URL.
