elefante branco wp avi e rmvb legendado.exe

DEVSTATION LLC

The application elefante branco wp avi e rmvb legendado.exe by DEVSTATION has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from freeweiser.me.
Publisher:
DEVSTATION LLC  (signed and verified)

MD5:
962d0678e7f07b8ef9f3b453aa56e3b7

SHA-1:
5fe3ad382125c1d18ff02015154aba5af6b7ac03

SHA-256:
8a3f3562a8bac9640bf28b1e3e311330d8edb7c3aee904352b55502e124ad50e

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:13:57 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Adload.G | 5603114 |
| AhnLab V3 Security | Adware/Win32.LoadMoney | 2015.06.01 |
| Avira AntiVirus | TR/Dldr.Adload.zewqw | 8.3.1.6 |
| avast! | Downloader-ACE [PUP] | 150525-2 |
| AVG | Downloader.NSIS | 2014.0.4311 |
| Bitdefender | Adware.Adload.G | 1.0.20.755 |
| Emsisoft Anti-Malware | Adware.Adload | 10.0.0.5366 |
| ESET NOD32 | NSIS/TrojanDownloader.Adload.AM trojan | 7.0.302.0 |
| Fortinet FortiGate | Adware/AdloadAM | 5/31/2015 |
| F-Secure | Adware.Adload.G | 11.2015-31-05_1 |
| G Data | Adware.Adload | 15.5.25 |
| Kaspersky | not-a-virus:AdWare.NSIS.Agent | 15.0.0.543 |
| MicroWorld eScan | Adware.Adload.G | 16.0.0.453 |
| NANO AntiVirus | Trojan.Nsis.Genome.drxdju | 0.30.24.1636 |
| Norman | Adware.Adload.G | 03.12.2014 13:20:04 |
| nProtect | Adware.Adload.G | 15.05.29.01 |
| Sophos | PUA 'AdLoad' (of type Adware) | 5.14 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Threat.4785227 | 40552 |

File size:
69.6 KB (71,280 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\elefante branco wp avi e rmvb legendado.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/13/2015 9:36:38 PM

Valid to:
5/13/2016 12:08:38 PM

Subject:
CN=DEVSTATION LLC, O=DEVSTATION LLC, L=Lewes, S=Delaware, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00D9A479025BFFD61E

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:qQpQ5EP0ijnRTXJk5NHFmQ2YGTtl6TwTlJzq:qQIURTXJk5Nlx2YGZ0MTfzq

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file elefante branco wp avi e rmvb legendado.exe has been seen being distributed by the following URL.
