ic-0.bd789a1aacc5a.exe

The application ic-0.bd789a1aacc5a.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented depend on the PC's geolocation at the time of install. The file has been seen being downloaded from d1nfd67owozfyu.cloudfront.net and multiple other hosts.

MD5:
a2bd113ec79d837a39153d1c14451d13

SHA-1:
e80fa6271e4a970af8e53661b465448a33fa1807

SHA-256:
6c49c79a3cc873029d1eda3e39cf2252c88b87f3600f61b9afbf9355fa33eacf

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 5:32:32 PM UTC

Scan engine            Detection                          Engine version
Lavasoft Ad-Aware      Gen:Variant.Adware.Mikey.28454     5711090
Arcabit                Trojan.Adware.Mikey.D6F26          1.0.0.629
AVG                    Adware Generic_r.AXL               2015.0.4477
Bitdefender            Gen:Variant.Adware.Mikey.28454     1.0.20.1740
Emsisoft Anti-Malware  Gen:Variant.Adware.Mikey.28454     10.0.0.5366
F-Secure               Gen:Variant.Adware.Mikey           5.15.21
G Data                 Gen:Variant.Adware.Mikey.28454     15.12.25
IKARUS anti.virus      AdWare.Amonetize                   t3scan.1.9.5.0
Kaspersky              UDS:DangerousObject.Multi.Generic  14.0.0.972
MicroWorld eScan       Gen:Variant.Adware.Mikey.28454     16.0.0.1044
Norman                 Gen:Variant.Adware.Mikey.28454     12.12.2015 20:21:58
Qihoo 360 Security     QVM10.1.Malware.Gen                1.0.0.1077
Reason Heuristics      Threat.Win.Reputation.IMP          15.12.15.0

File size:
305.5 KB (312,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.bd789a1aacc5a.exe

File PE Metadata
Compilation timestamp:
12/14/2015 12:55:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:qLU6Gvk/yDmhGAzICvD0q6H+RMtc/HszLkoJIq9f:f66kq7AkaH6osc/MzAOf

Entry address:
0x4176

Entry point:
E8, C2, 1F, 00, 00, E9, 39, FE, FF, FF, E9, 7E, 26, 00, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 10, B4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 10, B4, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, F8, B3, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 44, 00, 00, 00, C7, 06, F8, B3, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56...
Entropy:
6.5136

Code size:
100 KB (102,400 bytes)

The file ic-0.bd789a1aacc5a.exe has been seen being distributed by the following 5 URLs.
