ielts_testbuilder_2_72ku2.exe

ROSA LTD

The application ielts_testbuilder_2_72ku2.exe by ROSA has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from dll-wn.net.
Publisher:
ReallySoft  (signed by ROSA LTD)

Description:
installer.exe

Version:
2.1.2.3

MD5:
26828e254e4ffe4aaea7d055d7c27331

SHA-1:
87494131ed3a10af13c89afd3fc226314d269e37

SHA-256:
320116d4fdf52fb6df3b4eaf0b44348b25d8fcc8090b2ab3f17d6782c21ff4dc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/28/2024 9:53:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ROSA.Installer (M)

Engine version:
16.4.11.17

File size:
2.2 MB (2,342,912 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2016 ReallySoft.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ielts_testbuilder_2_72ku2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/26/2014 9:00:00 AM

Valid to:
9/27/2015 8:59:59 AM

Subject:
CN=ROSA LTD, O=ROSA LTD, STREET=d. Nikulino, L=Moskovskaya obl, S=Kashirskiy rayon, PostalCode=142947, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
40D688E49E139BC003BC9099C5B15BCA

File PE Metadata
Compilation timestamp:
10/17/2014 4:46:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:oejaL6lb/R7xKYb5UQ7r+elbRVSm9veC9SoK6:Bjpl3K7Qn+ibzSm9vv9SoV

Entry address:
0xE71C

Entry point:
55, 89, E5, 81, EC, 44, 01, 00, 00, 8D, 35, E6, 15, 00, 00, 68, 12, 51, 3E, 00, E8, 57, 5D, FF, FF, 83, EC, 10, 56, 6A, 40, FF, 75, FC, 53, 6A, F6, 58, 33, D2, F7, F1, 83, F8, 02, 72, F0, B9, 66, 0B, 00, 00, 8B, D1, C1, E9, 02, 74, F4, 33, C9, 75, 14, 8B, 55, 0C, D3, EF, 8B, 4D, 08, 21, 59, 04, 8B, 5D, 0C, 75, 26, 0F, B6, 70, 19, 0F, B6, 59, 19, 2B, F3, 75, F4, C7, 85, 48, FF, FF, FF, 10, 73, 43, 00, 8B, 8D, 48, FF, FF, FF, 89, 4D, F0, 8B, CA, E8, D8, C2, FF, FF, 83, C4, 14, 8D, 46, 40, 38, 18, 74, EC, FF...
 

Entropy:
6.5951

Code size:
200 KB (204,800 bytes)

The file ielts_testbuilder_2_72ku2.exe has been seen being distributed by the following URL.
