discountfrenzy.exe

Pksujf

Ajvinozfnhjmr

The application discountfrenzy.exe has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory. The file has been seen being downloaded from vzbucket.appscion.com.
Publisher:
Ajvinozfnhjmr

Product:
Pksujf

Description:
Wrdlygylpsschz

Version:
14.17.19.16

MD5:
82bde574ff60471593826f43c9f40159

SHA-1:
f31559de2d2b88331c254dfcf233438efc51d075

SHA-256:
f86d69f13d9be96c8d5f0e3292ed06dc5ebe98fbfd9138807e7bdce7274fefb2

Scanner detections:
7 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework, which may modify the user's web browser settings, including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/24/2024 4:06:54 PM UTC

Scan engine | Detection | Engine version
avast! | Other:PUP-gen [PUP] | 2014.9-140427
Bkav FE | HW32.CDB | 1.3.0.4959
Dr.Web | Trojan.Crossrider.13943 | 9.0.1.0117
Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3951
Reason Heuristics | PUP.Downloader.Ajvinozfnhjmr.O | 14.5.13.5
Trend Micro House Call | TROJ_GEN.R047H07DF14 | 7.2.117
Vba32 AntiVirus | AdWare.Agent | 3.12.26.0

File size:
4.2 MB (4,396,817 bytes)

Copyright:
Nqfhwqnupaxja

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\discountfrenzy.exe

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:x68DNzlrnl07dy8ucWL/CYMmXO1tODuQn+Ppfo4S4uLVaY650Oc:35zlBwdiCYMn1cD3BlAj56

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)

The file discountfrenzy.exe has been seen being distributed by the following URL.
