ff331ea7bbf32ca6b5d868575c0e6d10.pe

Lavasoft Limited

The file ff331ea7bbf32ca6b5d868575c0e6d10.pe has been detected as malware by 17 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Lavasoft Limited  (signed and verified)

MD5:
ff331ea7bbf32ca6b5d868575c0e6d10

SHA-1:
a2b20a13142fd104f5812195a7bdf95a06b00084

SHA-256:
12e804839ca3b20dd793d57ed984da437b9e2f4fe15d34c81418aee99dbd4ea3

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
11/26/2024 1:53:00 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Razy.90713 | -7 |
| Arcabit | Trojan.Razy.D16259 | 1.0.0.742 |
| avast! | Win32:Malware-gen | 2014.9-170210 |
| AVG | Downloader.Generic14 | 2018.0.2471 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.151026.9950 | 4.0.3.17210 |
| Bitdefender | Gen:Variant.Razy.90713 | 1.0.20.205 |
| Dr.Web | Trojan.Nymaim.36 | 9.0.1.041 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.90713 | 8.17.02.10.12 |
| ESET NOD32 | Win32/TrojanDownloader.Nymaim.BA | 11.14009 |
| Fortinet FortiGate | W32/Kryptik.FEUO!tr | 2/10/2017 |
| F-Secure | Gen:Variant.Razy.90713 | 11.2017-10-02_6 |
| G Data | Gen:Variant.Razy.90713 | 17.2.25 |
| K7 AntiVirus | Trojan-Downloader | 13.237.20655 |
| McAfee | Artemis!FF331EA7BBF3 | 5600.6127 |
| MicroWorld eScan | Gen:Variant.Razy.90713 | 18.0.0.123 |
| Panda Antivirus | Trj/GdSda.A | 17.02.10.12 |
| Qihoo 360 Security | HEUR/QVM20.1.0000.Malware.Gen | 1.0.0.1120 |

File size:
681.6 KB (697,976 bytes)

Common path:
C:\users\{user}\downloads\virussignlist_free_160831\samples\ff331ea7bbf32ca6b5d868575c0e6d10.pe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/28/2011 1:00:00 AM

Valid to:
1/28/2013 12:59:59 AM

Subject:
CN=Lavasoft Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lavasoft Limited, L=Sliema, S=SLM, C=MT

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7CEC887E3A0E10A63F47C72B25751AB9

File PE Metadata
Compilation timestamp:
9/11/2009 11:27:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.104

Entry address:
0x1000

Entry point:
BF, 1C, 09, 00, 00, 68, AD, 08, 00, 00, A3, 52, 9A, 40, 00, 68, 3A, 98, 40, 00, 6A, 00, FF, 15, 1C, 70, 40, 00, 68, 97, 0C, 00, 00, 57, A3, 52, 9A, 40, 00, 68, 3A, 98, 40, 00, 68, 00, 30, 40, 00, 6A, 00, 68, 5A, 9A, 40, 00, 6A, 00, FF, 15, A4, 70, 40, 00, A3, 52, 9A, 40, 00, 68, 56, 9A, 40, 00, 68, 52, 9A, 40, 00, FF, 15, A8, 70, 40, 00, 0A, C0, 0F, 85, 63, 04, 01, 00, 8B, EC, 81, EC, 6C, 02, 00, 00, 8B, 3D, BC, 91, 40, 00, 2B, 3D, 92, B8, 40, 00, C1, E7, 05, D1, EF, 81, C7, 0B, 7D, 00, 00, 89, 3D, C3, 86...
Code size:
23.5 KB (24,064 bytes)