dhcp-installer.exe

Antamedia DHCP

ANTAMEDIA MDOO

The executable dhcp-installer.exe, “Antamedia DHCP Installer”, has been detected as malware by 3 anti-virus scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program Antamedia DHCP by Antamedia. The file has been observed being downloaded from software-files-a.cnet.com.
Publisher:
Antamedia (signed by ANTAMEDIA MDOO)

Product:
Antamedia DHCP

Description:
Antamedia DHCP Installer

Version:
1.5.0.0

MD5:
a7408fed757f8718acd032db5d1b17f0

SHA-1:
718dcc7848d55f7a7f0ca9fb8bbab654e1c0e3c2

SHA-256:
083585e1ba6628380734bc7aa1c95726e366f90f07173a0942d8b3f2f7c4baf1

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/26/2024 4:33:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-Trojan/Malpacked5.Gen | 2015.02.26 |
| Dr.Web | Trojan.Popclick.47 | 9.0.1.0238 |
| Malwarebytes | Trojan.Downloader | v2015.08.26.08 |

File size:
4.9 MB (5,147,424 bytes)

Product version:
1

Copyright:
Antamedia

Trademarks:
Antamedia

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\dhcp-installer.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/23/2009 7:00:00 PM

Valid to:
2/24/2010 6:59:59 PM

Subject:
CN=ANTAMEDIA MDOO, OU=Secure Application Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ANTAMEDIA MDOO, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
61FBEB94EE917AD708013E0003F1123B

File PE Metadata
Compilation timestamp:
8/28/2009 4:41:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:gpPYXaeTnDzh2obWjeh47aA+ehVn/l8uvBJhWBHfAvrGTWXgHbz:wY72veKW9e3/eu/hWBHwW2Sbz

Entry address:
0x71A000

Entry point:
68, 80, A0, B1, 00, 68, 85, 90, FF, 00, 68, 00, 00, 00, 00, E8, 71, F0, 4D, 00, E9, 1F, 4C, 9E, FF, 40, 28, 23, 29, 50, 4B, 4C, 49, 54, 45, 33, 32, 20, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 31, 39, 39, 38, 20, 50, 4B, 57, 41, 52, 45, 20, 49, 6E, 63, 2E, 2C, 20, 41, 6C, 6C, 20, 52, 69, 67, 68, 74, 73, 20, 52, 65, 73, 65, 72, 76, 65, 64, 20, 28, 24, 52, 65, 76, 69, 73, 69, 6F, 6E, 3A, 20, 24, 29, 00, 50, 4B, 4C, 54, 33, 32, 00, 00, 10, 01, 00, 00, A6, 41, 98, 4A, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 

Entropy:
7.9971

Packer / compiler:
PKLITE32, 0x1.1

Code size:
4.9 MB (5,109,248 bytes)

Program Uninstaller
Program name:
Antamedia DHCP

Display publisher:
Antamedia

Uninstall string:
C:\users\{user}\downloads\dhcp-installer.exe -u


The file dhcp-installer.exe has been seen being distributed by the following URL.
