limportanza_di_chiamarsi_ernest_-_rupert_everett_-_colin_firth_-_divx_-_ita_mp3_commedia.exe

DDLR LTD

The application limportanza_di_chiamarsi_ernest_-_rupert_everett_-_colin_firth_-_divx_-_ita_mp3_commedia.exe by DDLR has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.directdownloader.com.
Publisher:
DDLR LTD  (signed and verified)

MD5:
223054d45235b48a62fae758105e7638

SHA-1:
1ec2b09d5b8d0e30d683cdc3ea9806e998fe197c

SHA-256:
6a5d1f290cca682d49b9e06c3431604aef3b2efe4617afd67298c24866650527

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/5/2024 3:34:03 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.91050 | 925 |
| Avira AntiVirus | Adware/DirectDown.A | 7.11.163.240 |
| avast! | Win32:Downloader-QCN [PUP] | 140617-1 |
| AVG | Adware AdInstaller.DirectDownloader | 2014.0.3986 |
| Bitdefender | Gen:Variant.Adware.Kazy.91050 | 1.0.20.1030 |
| Clam AntiVirus | Win.Trojan.Agent-388526 | 0.98/19185 |
| Comodo Security | Application.Win32.DirectDown.B | 18965 |
| Dr.Web | Trojan.DownLoader6.63221 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.91050 | 8.14.07.25.08 |
| ESET NOD32 | Win32/DirectDownloader.C potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/DirectDownloader | 7/25/2014 |
| F-Prot | W32/DirectDL.A.gen | 4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Kazy.91050 | 11.2014-25-07_6 |
| G Data | Gen:Variant.Adware.Kazy.91050 | 14.7.24 |
| IKARUS anti.virus | AdWare.DirectDownloader | t3scan.1.6.1.0 |
| Malwarebytes | | v2014.07.25.08 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.91050 | 15.0.0.618 |
| NANO AntiVirus | Trojan.Win32.DirectDown.cwmbod | 0.28.2.60990 |
| Panda Antivirus | Adware/DirectDownloader | 14.07.25.08 |
| Qihoo 360 Security | Malware.QVM01.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.DDLR.? | 14.7.25.8 |
| Rising Antivirus | PE:Trojan.DirectDownloader!1.6597 | 23.00.65.14723 |
| Sophos | DirectDownloader | 4.98 |
| Trend Micro House Call | HV_DIRECTDOWNLOADER_CA233ABA.TOMC | 7.2.206 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
783 KB (801,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\omniasport\documenti\downloads\limportanza_di_chiamarsi_ernest_-_rupert_everett_-_colin_firth_-_divx_-_ita_mp3_commedia.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/14/2012 2:00:00 AM

Valid to:
6/15/2014 1:59:59 AM

Subject:
CN=DDLR LTD, O=DDLR LTD, STREET="Suite 501, St James Court", STREET=St Denis Street, L=Port Louis, S=Mauritius, PostalCode=1001, C=MU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1DA1050E888FC4E39C8D63F7BE57619A

File PE Metadata
Compilation timestamp:
9/12/2012 9:59:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.21

CTPH (ssdeep):
24576:xyrSMgIRRD9lcTgw1mlFtWVqrqRXHYrmq:Mr1HxR3WVqrYHYN

Entry address:
0x1284

Entry point:
55, 89, E5, 83, EC, 18, C7, 04, 24, 02, 00, 00, 00, FF, 15, 3C, 95, 48, 00, E8, 64, FD, FF, FF, 55, 89, E5, 83, EC, 08, A1, 64, 95, 48, 00, C9, FF, E0, 66, 90, 55, 89, E5, 83, EC, 08, A1, 58, 95, 48, 00, C9, FF, E0, 90, 90, 55, 89, E5, 83, EC, 18, 8B, 0D, 84, 84, 47, 00, 85, C9, 74, 31, C7, 04, 24, 00, 90, 47, 00, E8, 18, 94, 00, 00, 52, 85, C0, 74, 23, C7, 44, 24, 04, 0E, 90, 47, 00, 89, 04, 24, E8, 0B, 94, 00, 00, 83, EC, 08, 85, C0, 74, 09, C7, 04, 24, 84, 84, 47, 00, FF, D0, C9, C3, 90, B8, 00, 00, 00...

Code size:
474.5 KB (485,888 bytes)

The file limportanza_di_chiamarsi_ernest_-_rupert_everett_-_colin_firth_-_divx_-_ita_mp3_commedia.exe has been seen being distributed by the following URL.