ed sheeran - i see fire.mp3.exe

iDatix Corporation

The application ed sheeran - i see fire.mp3.exe by iDatix has been detected as a potentially unwanted program by 24 anti-malware scanners. The file has been seen being downloaded from load.rloadload.com.
Publisher:
iDatix Corporation  (signed and verified)

MD5:
f193820cc6e84f1de2e627182029dbbe

SHA-1:
5b5a72ae481633dcce3a3e7c7af5e72c107f9351

SHA-256:
a2c3442b2c4f80f5b555a8430677a8acbe8c682954a1f40c8b4b66c92c0d1970

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:23:29 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.55305
899

Agnitum Outpost
PUA.Toolbar
7.1.1

AhnLab V3 Security
PUP/Win32.Webalta
2014.08.20

Avira AntiVirus
ADWARE/Adware.Gen
7.11.168.26

avast!
Win32:Adware-gen [Adw]
140813-1

AVG
Win.Threat.Medium
2014.0.3986

Bitdefender
Gen:Variant.Adware.Strictor.55305
1.0.20.1160

Comodo Security
Application.Win32.AgentCV.IAS
19252

Dr.Web
Adware.Downware.1172, Adware.Downware.1666
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.55305
8.14.08.20.04

ESET NOD32
Win32/AdWare.Toolbar.Webalta.GK application
7.0.302.0

F-Secure
Gen:Variant.Adware.Strictor.55305
11.2014-20-08_4

G Data
Gen:Variant.Adware.Strictor.55305
14.8.24

IKARUS anti.virus
PUA.Toolbar
t3scan.1.7.5.0

K7 AntiVirus
Adware
13.202.15416

MicroWorld eScan
Gen:Variant.Adware.Strictor.55305
15.0.0.696

NANO AntiVirus
Riskware.Win32.Downware.domrqu
0.30.8.659

Norman
Gen:Variant.Adware.Strictor.58276
11.20150409

Reason Heuristics
PUP.iDatixCorporation.AA
14.8.12.15

Rising Antivirus
PE:Adware.Strictor!6.247D
23.00.65.15407

Sophos
WebAlta Toolbar
4.98

Vba32 AntiVirus
Downware.iDatix.gen
3.12.26.3

VIPRE Antivirus
Threat.4150696
32210

Zillya! Antivirus
Trojan.Black.Win32.22466
2.0.0.2120

File size:
1.6 MB (1,699,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ed sheeran - i see fire.mp3.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/10/2012 7:00:00 AM

Valid to:
10/2/2015 6:59:59 AM

Subject:
CN=iDatix Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iDatix Corporation, L=Clearwater, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6A2BECD74BF6AAF73D2D909F5C4A93CD

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:0Ck5eO59I27Qji5XNJ/ufHaDSQ8InG/ZRdGLJkD0FJ0sM9xZH3r6OOjYpk34X1oN:9OM2U+hbeAGhiLiD030sMZbVOjWZX1w

Entry address:
0xE2C34

Entry point:
55, 8B, EC, 83, C4, F0, B8, 5C, 29, 4E, 00, E8, D0, 3E, F2, FF, A1, D4, 5E, 4E, 00, 8B, 00, E8, C8, 1F, F8, FF, 8B, 0D, 04, 5B, 4E, 00, A1, D4, 5E, 4E, 00, 8B, 00, 8B, 15, 58, F0, 49, 00, E8, C8, 1F, F8, FF, 8B, 0D, C0, 5A, 4E, 00, A1, D4, 5E, 4E, 00, 8B, 00, 8B, 15, D8, ED, 49, 00, E8, B0, 1F, F8, FF, 8B, 0D, 40, 5E, 4E, 00, A1, D4, 5E, 4E, 00, 8B, 00, 8B, 15, E4, 26, 4E, 00, E8, 98, 1F, F8, FF, A1, D4, 5E, 4E, 00, 8B, 00, E8, 0C, 20, F8, FF, E8, F7, 17, F2, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.2726

Developed / compiled with:
Microsoft Visual C++

Code size:
903.5 KB (925,184 bytes)

The file ed sheeran - i see fire.mp3.exe has been seen being distributed by the following URL.

Remove ed sheeran - i see fire.mp3.exe - Powered by Reason Core Security