mohammadreza alimardani - boghz koshandeye man _new 2014_.mp4.exe

The application mohammadreza alimardani - boghz koshandeye man _new 2014_.mp4.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. It is a setup program used to install the application, and it is built using the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been observed being downloaded from newspapersons.biz and multiple other hosts.
Publisher:
In The

Product:
To Minimum

Description:
Powell Of

Version:
2.9.8.8

MD5:
0fb69fc14ae5a9248f4592f368628944

SHA-1:
323dcf6cfe87ffb4b685959106b54213c453e83c

SHA-256:
fd3ea2d122199a49167fc2b9e1ba072e6dff91d970b1fff7d8f15c889d203c04

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/10/2024 8:35:00 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Ranapama.BT | 860
AegisLab AV Signature | AdWare.W32.MultiPlug | 2.1.4+
Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172
avast! | Win32:MultiPlug-EO [PUP] | 140908-2
AVG | Adware Generic5.BLII | 2014.0.4025
Bitdefender | Trojan.Ranapama.BT | 1.0.20.1350
Bkav FE | HW32.Paked | 1.3.0.4959
Comodo Security | Application.Win32.MultiPlug.PNU | 19634
Dr.Web | Trojan.Crossrider.36840 | 9.0.1.0317
Emsisoft Anti-Malware | Trojan.Ranapama.BT | 8.14.09.27.01
ESET NOD32 | Win32/AdWare.MultiPlug.CN application | 7.0.302.0
F-Prot | W32/A-f9982a6d | v6.4.7.1.166
F-Secure | Trojan.Ranapama.BT | 11.2014-27-09_7
G Data | Trojan.Ranapama.BT | 14.9.24
K7 AntiVirus | Unwanted-Program | 13.183.13504
Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.494
Malwarebytes | PUP.Optional.MultiPlug | v2014.09.27.01
McAfee | MultiPlug | 5600.6994
MicroWorld eScan | Trojan.Ranapama.BT | 15.0.0.810
NANO AntiVirus | Riskware.Win32.MultiPlug.dfjscb | 0.28.2.62286
nProtect | Trojan.Ranapama.BT | 14.09.26.01
Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.13.23
Sophos | MultiPlug | 4.98
Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3

File size:
850 KB (870,400 bytes)

Product version:
0.3.5.9

Copyright:
All rights reserved for In The LTD.

Original file name:
Mohammadreza Alimardani - Boghz Koshande.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\mohammadreza alimardani - boghz koshandeye man _new 2014_.mp4.exe

File PE Metadata
Compilation timestamp:
8/15/2013 6:04:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:mvWfjsiU0nZ/NGqGitt4fSVec+jpkg9tAozUvF5Xq:IRi5/AZitt4CgEocq

Entry address:
0x17B60

Entry point:
E8, 78, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, B4, 43, 00, E8, 6A, 0D, 00, 00, E8, 45, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 0B, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D5, 06, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Code size:
127.5 KB (130,560 bytes)

The file mohammadreza alimardani - boghz koshandeye man _new 2014_.mp4.exe has been seen being distributed by the following 3 URLs.