Jennifer.Lawrence.Naked.arhive.exe

Between Alarms

Wood Is

The application Jennifer.Lawrence.Naked.arhive.exe, “Malus Sylvestris Not” has been detected as a potentially unwanted program by 28 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from newspapersons.biz.
Publisher:
Wood Is

Product:
Between Alarms

Description:
Malus Sylvestris Not

Version:
0.2.8.3

MD5:
6dad924b771e139d1092d5657315d6eb

SHA-1:
462553396bd66b0c3051b4dfaaf70bb0dca9c72c

SHA-256:
b72c30f84c7fba3bfa4f339c6a0368a4a795ea11c1adc459b3a296196f445602

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 5:53:32 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.19
6102567

AegisLab AV Signature
AdWare.MSIL.DomaIQ
2.1.4+

Avira AntiVirus
TR/Crypt.XPACK.Gen
7.11.30.172

avast!
Win32:MultiPlug-DN [PUP]
141130-1

AVG
Adware Generic5.BKFP
2014.0.4189

Bitdefender
Gen:Variant.Application.Bundler.19
1.0.20.1720

Bkav FE
HW32.Paked
1.3.0.4959

Comodo Security
Application.Win32.MultiPlug.PNU
19725

Dr.Web
BackDoor.Andromeda.493
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.19
9.0.0.4668

ESET NOD32
Win32/AdWare.MultiPlug.CB application
7.0.302.0

Fortinet FortiGate
Riskware/Generic.AC.4357092
12/10/2014

F-Prot
W32/A-02d9686a
v6.4.7.1.166

F-Secure
Riskware.Gen:Variant.Application.Bundler
5.13.68

G Data
Gen:Variant.Application.Bundler.19
14.12.24

IKARUS anti.virus
AdWare.AdPlugin
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.183.13432

Kaspersky
not-a-virus:AdWare.Win32.MultiPlug
15.0.0.543

Malwarebytes
PUP.Optional.MultiPlug
v2014.12.10.09

McAfee
Program.MultiPlug-FOQ
16.8.708.2

MicroWorld eScan
Gen:Variant.Application.Bundler.19
15.0.0.1032

NANO AntiVirus
Trojan.Win32.XPACK.deqzzp
0.28.2.62151

Norman
Gen:Variant.Application.Bundler.19
04.12.2014 14:30:06

nProtect
Trojan-Clicker/W32.MultiPlug.870256
14.09.19.01

Panda Antivirus
PUP/TSUploader
14.12.10.09

Reason Heuristics
Threat.Win.Reputation.IMP
14.12.10.9

Sophos
PUA 'MultiPlug' (of type Adware)
5.08

Vba32 AntiVirus
SScope.Adware.MultiPlug
3.12.26.3

File size:
845.5 KB (865,792 bytes)

Product version:
0.7.4.6

Copyright:
All rights reserved for Wood Is LTD.

Original file name:
Jennifer.Lawrence.Naked.arhive.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\jennifer.lawrence.naked.arhive.exe

File PE Metadata
Compilation timestamp:
10/23/2013 5:22:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:2YG0rMeL+D+JN5mH058R3S5c1mnvCy6eRFdQ8:2lZeyD+W058Rqc0nqyq8

Entry address:
0x16A37

Entry point:
E8, 66, 43, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 23, 4D, 00, E8, E3, 10, 00, 00, E8, 33, 45, 00, 00, 0F, B7, F0, 6A, 02, E8, F9, 42, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 52, 0A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
131 KB (134,144 bytes)

The file Jennifer.Lawrence.Naked.arhive.exe has been seen being distributed by the following URL.

Remove Jennifer.Lawrence.Naked.arhive.exe - Powered by Reason Core Security