launchy_pcworld_downloader_24229_pc.exe

International Data Group Poland S.A.

The application launchy_pcworld_downloader_24229_pc.exe by International Data Group Poland S.A. has been detected as adware by 14 anti-malware scanners.
Publisher:
International Data Group Poland S.A.  (signed and verified)

Version:
2.2.3.1

MD5:
ba6af0b0fc0b1567f080db45c6416b12

SHA-1:
b1f5c78ad011e6d017a82dfd961108c9c63c2bb6

Scanner detections:
14 / 68

Status:
Adware

Analysis date:
11/23/2024 9:00:23 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win32/Kashu.E | 2015.03.19 |
| avast! | Win32:SaliCode | 2014.9-150319 |
| AVG | unknown virus Win32/DH | 2016.0.3192 |
| Comodo Security | TrojWare.Win32.TrojanDownloader.banload.ek3 | 15701 |
| Dr.Web | DLOADER.Trojan | 9.0.1.051 |
| IKARUS anti.virus | AdWare.Gen2 | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.201.15304 |
| Microsoft Security Essentials | Threat.Undefined | 1.193.2708.0 |
| Norman | Sality.ZHB | 11.20150319 |
| Reason Heuristics | PUP.InternationalDataGroupPolandSA | 15.3.20.19 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15317 |
| Trend Micro House Call | TROJ_GEN.F47V0324 | 7.2.51 |
| Trend Micro | PE_SALITY.RL | 10.465.19 |
| VIPRE Antivirus | Threat.4721115 | 38552 |

File size:
840 KB (860,200 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Polish

Common path:
C:\documents and settings\-\pulpit\= m o j e =\stosować do xp\launchy 2.5+++\launchy_pcworld_downloader_24229_pc.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/3/2012 2:00:00 AM

Valid to:
7/25/2013 1:59:59 AM

Subject:
CN=International Data Group Poland S.A., O=International Data Group Poland S.A., L=Warszawa, S=mazowieckie, C=PL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6449CCE113496CFF0A184DD37F8C47BC

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:gSNloZIqnEDBY3bhj/CQzQ2nRrYDqCa3J:FYnwY3dj/CQztRGm3J

Entry address:
0x1744C0

Entry point:
60, BE, 00, 00, 50, 00, 8D, BE, 00, 10, F0, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
468 KB (479,232 bytes)
