ky9cn15dr.exe

Philadelphia Flayers

Smart Marketyng Solyushynz, TOV

The application ky9cn15dr.exe by Smart Marketyng Solyushynz, TOV has been detected as a potentially unwanted program by 7 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Philadelphia Flayers Inc  (signed by Smart Marketyng Solyushynz, TOV)

Product:
Philadelphia Flayers

Description:
Philadelphia

Version:
2.5.1.13

MD5:
d57de86d5645daaddc0b4b379718e616

SHA-1:
06c60de002156cab3a01212d4e15a24b2c2841a3

SHA-256:
a2072ab6998d7dee74a378498940eaaa33071055c948bd620f017c18217ccc8e

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 11:09:56 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Amonetize.12893
9.0.1.05190

ESET NOD32
Win32/Amonetize.SD potentially unwanted application
8.0.319.0

F-Secure
Variant.Graftor.280695
5.15.96

Kaspersky
not-a-virus:Downloader.Win32.AdLoad
15.0.0.562

Microsoft Security Essentials
Threat.Undefined
1.217.1958.0

Norman
Gen:Variant.Graftor.280695
02.04.2016 17:35:19

Reason Heuristics
PUP.Amonetize.SmartMar (M)
16.4.23.19

File size:
311.5 KB (319,000 bytes)

Product version:
2.5.1.13

Original file name:
flayers.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ky9cn15dr.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/17/2016 2:00:00 AM

Valid to:
4/18/2017 1:59:59 AM

Subject:
CN="Smart Marketyng Solyushynz, TOV", OU=IT, O="Smart Marketyng Solyushynz, TOV", STREET="VUL.Strutynskogo, 8", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4EF50BB663E4541D536358DB34EADA49

File PE Metadata
Compilation timestamp:
4/20/2016 5:10:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Ke/aRQpammPH3gHzBolzgEZcK84h7vtZ29byP:zaRfnwHtqcP4h29GP

Entry address:
0x1DE1

Entry point:
E8, E0, 25, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A8, ED, 3B, 00, 89, 0D, A4, ED, 3B, 00, 89, 15, A0, ED, 3B, 00, 89, 1D, 9C, ED, 3B, 00, 89, 35, 98, ED, 3B, 00, 89, 3D, 94, ED, 3B, 00, 66, 8C, 15, C0, ED, 3B, 00, 66, 8C, 0D, B4, ED, 3B, 00, 66, 8C, 1D, 90, ED, 3B, 00, 66, 8C, 05, 8C, ED, 3B, 00, 66, 8C, 25, 88, ED, 3B, 00, 66, 8C, 2D, 84, ED, 3B, 00, 9C, 8F, 05, B8, ED, 3B, 00, 8B, 45, 00, A3, AC, ED, 3B, 00, 8B, 45, 04, A3, B0, ED, 3B, 00, 8D, 45, 08, A3, BC, ED, 3B...
 
[+]

Entropy:
7.1897

Code size:
36.5 KB (37,376 bytes)

Remove ky9cn15dr.exe - Powered by Reason Core Security