» install.exe
Overview
Analysis
File Details
Downloads (1)

install.exe

AZOVEKOGRUP LLC

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application install.exe by AZOVEKOGRUP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the ProfitServis Downloader installer. The file has been seen being downloaded from lfdgd.fobamgher.ru.

File name:

install.exe

Publisher:

AZOVEKOGRUP LLC (signed and verified)

Version:

1.0.0.0

MD5:

a171dcef6a409e9df8c585d7fddbdce4

SHA-1:

d2f69f87252b377632f0b93848727c04fb479803

SHA-256:

bee9111861036f88f548694bfbd7c3cc820373b9f8a1c4f966a94846ca38be22

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

12/26/2024 6:39:00 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ProfitServis (M)

16.8.5.16

File size:

5.1 MB (5,375,816 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Bundler/Installer:

ProfitServis Downloader

Common path:

C:\users\{user}\downloads\install.exe

Digital Signature

Signed by:

AZOVEKOGRUP LLC

Authority:

Thawte, Inc.

Valid from:

11/21/2014 6:00:00 AM

Valid to:

11/22/2015 5:59:59 AM

Subject:

CN=AZOVEKOGRUP LLC, O=AZOVEKOGRUP LLC, L=Marіupol, S=Wisconsin, C=UA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

3177A159A9C4340E59630C167AA87721

File PE Metadata

Compilation timestamp:

6/20/1992 4:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:yHsu2DtIzWROyxotFzkYuHAkUNQHccFme7/78JiP7DHKdnImoiXfOI+I4z5QYrYu:yB2DtNOS6BhkUzcFnnws7DHwIr6O/z55

Entry address:

0x751270

Entry point:

60, BE, 00, 40, 6F, 00, 8D, BE, 00, D0, D0, FF, C7, 87, A4, 10, 37, 00, 1E, 41, BC, 7C, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:

4.4 MB (4,579,328 bytes)

The file install.exe has been seen being distributed by the following URL.

http://lfdgd.fobamgher.ru/eyJ2ZXIiOiIxIiwic2lkIjoiNDYxNyIsInVybCI6Imh0dHA6Ly9yZXRyaWNhLnJ1L2luc3RhbGwuZXhlIiwibmFtZSI6Imluc3RhbGwuZXhlIiwidHlwZSI6InNldHVwIiwic2l6ZSI6IjYxMjgwMDAiLCJybmQwIjo3MDA3MTc0NTU3MDc0OX0

Remove install.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.