home

icloudactivationlockbypass2016__7934_il55239.exe

Verizon

LLC

The application icloudactivationlockbypass2016__7934_il55239.exe, “Verizon center inst” by LLC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from 482204.allhotdownload.online.
Publisher:
Verizon Center  (signed by LLC )

Product:
Verizon

Description:
Verizon center inst

Version:
17.0.6.44

MD5:
47882bb00ba6a5b371c9d4e3a7625f72

SHA-1:
794cfa24a7f6a9a5d0894d0d6f744b1e84ced1e0

SHA-256:
1ed1ecca7cea71eec919381d71f2dd0d76401e5ef9ab7ccc21e17b743a484945

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/22/2024 8:23:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonitize.VerizonCenter (M)
16.2.28.12

File size:
780.2 KB (798,907 bytes)

Product version:
17.0.6.44

Copyright:
Verizon

Original file name:
buider.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\icloudactivationlockbypass2016__7934_il55239.exe

Digital Signature
Signed by:
LLC

Authority:
COMODO CA Limited

Valid from:
2/11/2016 12:00:00 AM

Valid to:
2/10/2017 11:59:59 PM

Subject:
CN="LLC ""VEST-IT""", OU=IT, O="LLC ""VEST-IT""", STREET="vul. Hrabyanky, 5", L=Lviv, S=Lvivska, PostalCode=79053, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F2B96FBD1E383D2B1F4AC296F33D9FFA

File PE Metadata
Compilation timestamp:
2/27/2016 12:15:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:QMR2vLsNyaTKhBPg1rP9dpL3y7YK/tL1H0lP3IbQQG8xROItDYw:QMR2zoxTalEGrtLy18GItF

Entry address:
0xA9DF

Entry point:
E8, 1B, 3D, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 6A, 00, FF, 15, 10, D0, 41, 00, C3, FF, 15, 14, D0, 41, 00, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, FF, 35, D4, 21, 42, 00, FF, 15, 18, D0, 41, 00, FF, D0, 5D, C2, 04, 00, A1, D0, 21, 42, 00, C3, 8B, FF, 56, FF, 35, D4, 21, 42, 00, FF, 15, 18, D0, 41, 00, 8B, F0, 85...
 
[+]

Entropy:
7.8241  (probably packed)

Code size:
109 KB (111,616 bytes)

The file icloudactivationlockbypass2016__7934_il55239.exe has been seen being distributed by the following URL.

http://482204.allhotdownload.online/download3.php?x=b6663428d2a83b69d997cc765a0e2657&id=bborzaa&title=iCloud-Activation-Lock-Bypass-2016&u=aHR0cDovL2ZyZWVtb25leTIwMTVnZW5lcmF0b3IuYmxvZ3Nwb3Qucm8vMjAxNi8wMS9pY2xvdWQtYWN0aXZhdGlvbi1sb2NrLWJ5cGFzcy0yMDE2Lmh0bWw

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.