lzxb162t0.exe

Chicago Blackhawks

Smart Marketyng Solyushynz, TOV

The application lzxb162t0.exe by Smart Marketyng Solyushynz, TOV has been detected as a potentially unwanted program by 5 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Chicago Blackhawks Ltd  (signed by Smart Marketyng Solyushynz, TOV)

Product:
Chicago Blackhawks

Description:
Philadelphia

Version:
3.6.12.2

MD5:
eb1a2f559177cd5d22fb21cb3c2aea55

SHA-1:
bdef44070bbfa370a86cbed9f89e82935c55a5d0

SHA-256:
3d2524b603a3ec068ddc614074e7b6dc805d914c382311049cb77a06743250e3

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 10:42:10 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Amonetize.12893
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Amonetize.64
11.5.0.6191

ESET NOD32
Win32/Amonetize.SG potentially unwanted application
8.0.319.0

Microsoft Security Essentials
Threat.Undefined
1.217.1958.0

Reason Heuristics
PUP.Amonetize.SmartMar (M)
16.4.22.19

File size:
298 KB (305,176 bytes)

Product version:
3.6.0.0

Original file name:
hawks.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\lzxb162t0.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/16/2016 8:00:00 PM

Valid to:
4/17/2017 7:59:59 PM

Subject:
CN="Smart Marketyng Solyushynz, TOV", OU=IT, O="Smart Marketyng Solyushynz, TOV", STREET="VUL.Strutynskogo, 8", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4EF50BB663E4541D536358DB34EADA49

File PE Metadata
Compilation timestamp:
4/21/2016 12:09:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:8Qr++mODlselVAAmOQ2gGM4WYsKjwZ5+i3Rh2z:l++vflaLOQ2gGM40KsZAAAz

Entry address:
0x3ADD

Entry point:
E8, 7D, 26, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A8, ED, 3B, 00, 89, 0D, A4, ED, 3B, 00, 89, 15, A0, ED, 3B, 00, 89, 1D, 9C, ED, 3B, 00, 89, 35, 98, ED, 3B, 00, 89, 3D, 94, ED, 3B, 00, 66, 8C, 15, C0, ED, 3B, 00, 66, 8C, 0D, B4, ED, 3B, 00, 66, 8C, 1D, 90, ED, 3B, 00, 66, 8C, 05, 8C, ED, 3B, 00, 66, 8C, 25, 88, ED, 3B, 00, 66, 8C, 2D, 84, ED, 3B, 00, 9C, 8F, 05, B8, ED, 3B, 00, 8B, 45, 00, A3, AC, ED, 3B, 00, 8B, 45, 04, A3, B0, ED, 3B, 00, 8D, 45, 08, A3, BC, ED, 3B...
 
[+]

Entropy:
7.2861

Code size:
33 KB (33,792 bytes)

Remove lzxb162t0.exe - Powered by Reason Core Security