love1.exe

The application love1.exe has been detected as a potentially unwanted program by 34 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from s1.directxex.com.

Version:
0.0.0.0

MD5:
f89f495b82fc01066b8187354d5b5c7f

SHA-1:
ba36af547a13e4b1ef9df9764e9b3a029ce8f98e

SHA-256:
07a7f0ba672c11fc7d646332590d0f091e672b92c686878bb58df2e0243e1ef1

Scanner detections:
34 / 68

Status:
Potentially unwanted

Analysis date:
11/30/2024 3:47:08 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Barys.189 | 786
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Backdoor/Win32.Agent | 2014.11.06
Avira AntiVirus | TR/Dropper.Gen | 7.11.183.62
avast! | Win32:Malware-gen | 2014.9-141210
AVG | Pakes_c | 2015.0.3264
Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.141210
Bitdefender | Gen:Variant.Adware.Barys.189 | 1.0.20.1720
Bkav FE | W32.AlluserComcz.Trojan | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 19997
Dr.Web | Trojan.DownLoader10.19669 | 9.0.1.0344
Emsisoft Anti-Malware | Gen:Variant.Adware.Barys.189 | 8.14.12.10.02
ESET NOD32 | MSIL/Bladabindi | 8.10675
Fortinet FortiGate | Riskware/Agent | 12/10/2014
F-Prot | W32/Trojan4.AGLX | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Barys.189 | 11.2014-10-12_4
G Data | Gen:Variant.Adware.Barys.189 | 14.12.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.185.13888
Kaspersky | not-a-virus:HEUR:Adware.Win32.Agent | 14.0.0.2817
Malwarebytes | Trojan.MSIL | v2014.12.10.02
McAfee | RDN/Generic BackDoor!zb | 5600.6920
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.11104
MicroWorld eScan | Gen:Variant.Adware.Barys.189 | 15.0.0.1032
NANO AntiVirus | Riskware.Win32.Agent.dbqlkw | 0.28.6.62995
Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015
Quick Heal | AdWare.Agent.r3 (Not a Virus) | 12.14.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.16E317B0!383981488 | 23.00.65.141208
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_SPNR.15GA14 | 7.2.344
Trend Micro | TROJ_SPNR.15GA14 | 10.465.10
Vba32 AntiVirus | TrojanDownloader.Andromeda | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 34536
Zillya! Antivirus | Trojan.Agent.Win32.473828 | 2.0.0.1976

File size:
311 KB (318,435 bytes)

Product version:
0.0.0.0

Original file name:
Server.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\love1.exe

File PE Metadata
Compilation timestamp:
12/9/2010 7:58:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:i/JbrxUPkWY8aVlj/Oi9MzZUYXM+CaY/lU0lIBq5v5eLcWBBRZeZV8LxqlVhrFFB:Ebr+Pkp5lj/Mz+YzCV/lUia0oLcWBBmt

Entry address:
0x2E5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4 KB (4,096 bytes)

The file love1.exe has been seen being distributed by the following URL.
