drastic_r2.2.1.2a.apk.exe

The application drastic_r2.2.1.2a.apk.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from b.goody-office.xyz.
MD5:
ac6b43a3f6fb633cd6b8ff23a84acc2d

SHA-1:
fe75c024cd7f5d32d6ad36bdbf45398683e834f9

SHA-256:
3093948dafdd01488fed800441dd199b6b55f6728931e68afa7fefbbd5777191

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/27/2024 8:49:00 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Mplug.46
5687224

AhnLab V3 Security
Win-PUP/MultiPlug
2015.06.07

Avira AntiVirus
TR/Crypt.XPACK.Gen
7.11.30.172

Arcabit
Trojan.Adware.Mplug.46
1.0.0.425

Bitdefender
Gen:Variant.Adware.Mplug.46
1.0.20.785

Dr.Web
Trojan.Crossrider1.33816
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Mplug.46
10.0.0.5366

ESET NOD32
Win32/Adware.MultiPlug.LX application
7.0.302.0

F-Secure
Gen:Variant.Adware.Mplug
5.14.151

G Data
Gen:Variant.Adware.Mplug.46
15.6.25

K7 AntiVirus
Trojan
13.204.16151

McAfee
MultiPlug-FXN
5600.6742

MicroWorld eScan
Gen:Variant.Adware.Mplug.46
16.0.0.471

Norman
Gen:Variant.Adware.Mplug.46
02.06.2015 14:23:46

Reason Heuristics
Threat.Win.Reputation.IMP
15.6.6.17

Vba32 AntiVirus
suspected of Heur.Malware-Cryptor.Multiplug
3.12.26.4

File size:
2.5 MB (2,606,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\temp\drastic_r2.2.1.2a.apk.exe

File PE Metadata
Compilation timestamp:
1/29/2012 12:33:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:tJtnvp3w3T/B4EW2nnMv1i0ka3APJ/GNzRmDL3TdV95JK/sgp:LtvpQT/SEWYnMY0FkJ/2iN9o

Entry address:
0x214678

Entry point:
E8, 54, 12, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, 26, 64, 00, E8, 62, 17, 00, 00, E8, 21, 14, 00, 00, 0F, B7, F0, 6A, 02, E8, E7, 11, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C8, 0B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
1.5593

Code size:
2.1 MB (2,201,600 bytes)

The file drastic_r2.2.1.2a.apk.exe has been seen being distributed by the following URL.

Remove drastic_r2.2.1.2a.apk.exe - Powered by Reason Core Security