[julesjordan]_riley_reid_(pov_epic_facial_blast_-_faces_loaded_-.exe

Closed Joint-Stock Company

The application [julesjordan]_riley_reid_(pov_epic_facial_blast_-_faces_loaded_-.exe by Closed Joint-Stock Company has been detected as adware by 8 anti-malware scanners. It is a setup program used to install the application, and it uses the InstallCore monetization download manager to download additional third-party applications that the user may not want. The file has been seen being downloaded from amazingstorez.net and multiple other hosts.
Publisher:
Closed Joint-Stock Company   (signed and verified)

MD5:
0f08c3912974d81ab6911d6eec9dac0c

SHA-1:
6cabb01091e83d858563a6c6a5991395b8c34117

SHA-256:
43d2133999cda9e3d92a8e55d56d14eedf3acf92f4f236a783a6e6de6edfd1e3

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/15/2024 3:34:02 PM UTC

Scan engine               Detection                        Engine version
AVG                       Win32/DH                         2015.0.3375
IKARUS anti.virus         Win32.SuspectCrc                 t3scan.1.7.5.0
McAfee                    Artemis!0F08C3912974             5600.7031
Qihoo 360 Security        HEUR/Malware.QVM06.Gen           1.0.0.1015
Reason Heuristics         PUP.ClosedJointStockCompany.     14.8.21.23
Trend Micro House Call    Suspicious_GEN.F47V0821          7.2.233
VIPRE Antivirus           GetPrivate                       32422

File size:
1.5 MB (1,575,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\[julesjordan]_riley_reid_(pov_epic_facial_blast_-_faces_loaded_-.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/10/2013 8:00:00 PM

Valid to:
9/10/2016 7:59:59 PM

Subject:
CN="Closed Joint-Stock Company ""V.X. Technocom", O="Closed Joint-Stock Company ""V.X. Technocom", STREET="Staromonetnyi per. 14, bld. 2", L=Moscow, S=Moscow, PostalCode=119180, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
422C9081573539C78689D8F203970268

File PE Metadata
Compilation timestamp:
8/20/2014 8:06:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:ehNWVrqu4cf4oaDuFmdcDuFmMDudmOn14mBFgcma4QorNzdV1:mE4oV4t4/QC14RA4QorH7

Entry address:
0x392CC

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, CC, 68, 43, 00, E8, 51, 07, FD, FF, 33, D2, 55, 68, FC, 92, 43, 00, 64, FF, 32, 64, 89, 22, E8, 76, D3, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 16, E9, AB, C1, FC, FF, 01, 00, 00, 00, D0, A7, 40, 00, 0D, 93, 43, 00, E8, C6, C4, FC, FF, 5F, 5E, 5B, E8, 12, CA, FC, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
224 KB (229,376 bytes)

The file [julesjordan]_riley_reid_(pov_epic_facial_blast_-_faces_loaded_-.exe has been observed being distributed from the following 50 URLs.

http://amazingstorez.net/index.php/.../KYkQz?&rk=82273158&channel=7350

http://amazingstorez.net/index.php/.../OnBYh?&rk=74907140&channel=7350

http://amazingstorez.net/index.php/.../FygFu?&rk=86922862&channel=7353

http://amazingstorez.net/index.php/.../gozZP?&rk=5477967&channel=7348

http://amazingstorez.net/index.php/.../JHzRI?&rk=4238547&channel=7350

http://amazingstorez.net/index.php/.../RTZeF?&rk=15425919&channel=7352

http://amazingstorez.net/index.php/.../kgxfU?&rk=63132598&channel=7352

http://amazingstorez.net/index.php/.../WYZGh?&rk=53292863&channel=7350

http://amazingstorez.net/index.php/.../kefCp?&rk=63010437&channel=7350

http://amazingstorez.net/index.php/.../CdKhk?&rk=46909108&channel=7353

http://amazingstorez.net/index.php/.../AwEEm?&rk=38445504&channel=7351

http://amazingstorez.net/index.php/.../GChuW?&rk=56142520&channel=7352

http://amazingstorez.net/index.php/.../lKVpW?&rk=5833939&channel=7350

http://amazingstorez.net/index.php/.../ypetY?&rk=63059485&channel=7351

http://amazingstorez.net/index.php/.../ldlmp?&rk=64205284&channel=7352

http://amazingstorez.net/index.php/.../rzJCz?&rk=11191469&channel=7351

http://amazingstorez.net/index.php/.../Wceuf?&rk=37311348&channel=7352

http://amazingstorez.net/index.php/.../WHNTH?&rk=99351307&channel=7352

http://amazingstorez.net/index.php/.../rafZi?&rk=25014378&channel=7350

Latest 30 of 91 download URLs