malwarebytes-anti-exploit-premium-1.06.1.1012-rc1.torrent.exe

LLC 1GB

The application malwarebytes-anti-exploit-premium-1.06.1.1012-rc1.torrent.exe by LLC 1GB has been detected as adware by 18 anti-malware scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from download-host66.ru.
Publisher:
LLC 1GB  (signed and verified)

Version:
2.8.1.0

MD5:
0abbb5f05da10b1ef2e09006e1f25802

SHA-1:
2dd32c201db15b1f84f1c7401ae323fb75b845ed

SHA-256:
ae053c9d4125be41b09c76f36acd8fe06c5a6b2dc012fb9695a4e71c19a217e2

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
12/26/2024 5:29:43 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.DlHelper.2
5679742

avast!
Downloader-VWK [PUP]
150319-1

AVG
Downloader
2016.0.3141

Bitdefender
Gen:Variant.Application.Bundler.DlHelper.2
1.0.20.515

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Zadved.61
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.DlHelper
9.0.0.4799

ESET NOD32
Win32/Dlhelper.D potentially unwanted (variant)
9.11465

F-Secure
Riskware.Gen:Variant.Application.Bundler
5.13.68

G Data
Gen:Variant.Application.Bundler.DlHelper
15.4.25

K7 AntiVirus
Unwanted-Program
13.202.15572

MicroWorld eScan
Gen:Variant.Application.Bundler.DlHelper.2
16.0.0.309

NANO AntiVirus
Trojan.Win32.Zadved.dqcozf
0.30.10.952

Norman
Gen:Variant.Graftor.163346
03.12.2014 13:20:04

Panda Antivirus
Trj/Genetic.gen
15.04.13.10

Reason Heuristics
Threat.Win.Reputation.IMP
15.4.13.6

VIPRE Antivirus
Threat.5064197
38882

Zillya! Antivirus
Trojan.Black.Win32.30247
2.0.0.2136

File size:
1.1 MB (1,123,808 bytes)

Product version:
2.8.1.0

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/10/2015 2:00:00 AM

Valid to:
2/11/2016 1:59:59 AM

Subject:
CN=LLC 1GB, O=LLC 1GB, STREET="Zakrevskogo, budynok 9-A", L=Kyyiv, S=Kyyiv, PostalCode=02217, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7C14941962D8F7B8E48D874D266831CF

File PE Metadata
Compilation timestamp:
4/2/2015 8:04:10 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:dX4GVpcPHjKHTDtIDtxlLdAmOaLGDs6fozCVBaxBhbCBU:V4qeGzBAtbZ5GDdouzaPhe

Entry address:
0x300DF0

Entry point:
60, BE, 00, E0, 5F, 00, 8D, BE, 00, 30, E0, FF, C7, 87, 34, 1C, 29, 00, 3A, 6D, 02, 0A, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
1 MB (1,064,960 bytes)

The file malwarebytes-anti-exploit-premium-1.06.1.1012-rc1.torrent.exe has been seen being distributed by the following URL.