Jennifer.Lawrence.Naked.arhive.exe

Between Alarms

Wood Is

The application Jennifer.Lawrence.Naked.arhive.exe ("Malus Sylvestris Not") has been detected as a potentially unwanted program by 28 anti-malware scanners. It is a setup program used to install the application, and it installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent. The file has been seen being downloaded from newspapersons.biz.
Publisher: Wood Is

Product: Between Alarms

Description: Malus Sylvestris Not

Version: 0.2.8.3

MD5: 6dad924b771e139d1092d5657315d6eb

SHA-1: 462553396bd66b0c3051b4dfaaf70bb0dca9c72c

SHA-256: b72c30f84c7fba3bfa4f339c6a0368a4a795ea11c1adc459b3a296196f445602

Scanner detections: 28 / 68

Status: Potentially unwanted

Analysis date: 9/21/2024 2:24:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.19 | 6102567 |
| AegisLab AV Signature | AdWare.MSIL.DomaIQ | 2.1.4+ |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| avast! | Win32:MultiPlug-DN [PUP] | 141130-1 |
| AVG | Adware Generic5.BKFP | 2014.0.4189 |
| Bitdefender | Gen:Variant.Application.Bundler.19 | 1.0.20.1720 |
| Bkav FE | HW32.Paked | 1.3.0.4959 |
| Comodo Security | Application.Win32.MultiPlug.PNU | 19725 |
| Dr.Web | BackDoor.Andromeda.493 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.19 | 9.0.0.4668 |
| ESET NOD32 | Win32/AdWare.MultiPlug.CB application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.4357092 | 12/10/2014 |
| F-Prot | W32/A-02d9686a | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.13.68 |
| G Data | Gen:Variant.Application.Bundler.19 | 14.12.24 |
| IKARUS anti.virus | AdWare.AdPlugin | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13432 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.12.10.09 |
| McAfee | Program.MultiPlug-FOQ | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.19 | 15.0.0.1032 |
| NANO AntiVirus | Trojan.Win32.XPACK.deqzzp | 0.28.2.62151 |
| Norman | Gen:Variant.Application.Bundler.19 | 04.12.2014 14:30:06 |
| nProtect | Trojan-Clicker/W32.MultiPlug.870256 | 14.09.19.01 |
| Panda Antivirus | PUP/TSUploader | 14.12.10.09 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.10.9 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.08 |
| Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3 |

File size: 845.5 KB (865,792 bytes)

Product version: 0.7.4.6

Copyright: All rights reserved for Wood Is LTD.

Original file name: Jennifer.Lawrence.Naked.arhive.exe

File type: Executable application (Win32 EXE)

Language: English (United Kingdom)

Common path: C:\users\{user}\downloads\jennifer.lawrence.naked.arhive.exe

File PE Metadata

Compilation timestamp: 10/23/2013 5:22:16 PM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 11.0

CTPH (ssdeep): 24576:2YG0rMeL+D+JN5mH058R3S5c1mnvCy6eRFdQ8:2lZeyD+W058Rqc0nqyq8

Entry address: 0x16A37

Entry point: E8, 66, 43, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 23, 4D, 00, E8, E3, 10, 00, 00, E8, 33, 45, 00, 00, 0F, B7, F0, 6A, 02, E8, F9, 42, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 52, 0A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size: 131 KB (134,144 bytes)

The file Jennifer.Lawrence.Naked.arhive.exe has been seen being distributed by the following URL.
