obnovleni.exe

Internet Security

Rashal Alexsandr

The application obnovleni.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from instigate.grey-group.ru.
Publisher:
Rashal Alexsandr

Product:
Internet Security

Version:
3.92.0

MD5:
c426b3dd43c05b0af577e997b0c8f463

SHA-1:
9b1c57b449987024dd3cc5d5dfba0bc1d70800d6

SHA-256:
376a894c47c7a677b737236fbd7a9281b8736910e3c95e2d413218306b85d5b6

Scanner detections:
31 / 68

Status:
Potentially unwanted

Analysis date:
1/14/2025 10:53:37 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.432610 | 368 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2015.01.03 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.199.42 |
| avast! | Win32:Installer-U [PUP] | 2014.9-160201 |
| AVG | Win32/Cryptor | 2017.0.2846 |
| Bitdefender | Gen:Variant.Adware.Kazy.432610 | 1.0.20.160 |
| Bkav FE | HW32.Packed | 1.3.0.6267 |
| Clam AntiVirus | Win.Adware.Agent-33092 | 0.98/21511 |
| Comodo Security | Application.Win32.LoadMoney.~L | 20577 |
| Dr.Web | Trojan.LoadMoney.336 | 9.0.1.032 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.432610 | 8.16.02.01.06 |
| ESET NOD32 | Win32/Adware.LoadMoney.ADH (variant) | 10.10958 |
| Fortinet FortiGate | Riskware/Plocust | 2/1/2016 |
| F-Secure | Gen:Variant.Adware.Kazy.432610 | 11.2016-01-02_2 |
| G Data | Gen:Variant.Adware.Kazy.432610 | 16.2.24 |
| IKARUS anti.virus | not-a-virus:Downloader.Plocust | t3scan.1.8.5.0 |
| K7 AntiVirus | Trojan | 13.1814525 |
| Kaspersky | not-a-virus:Downloader.Win32.Plocust | 14.0.0.726 |
| Malwarebytes | PUP.Optional.LoadMoney | v2016.02.01.06 |
| McAfee | Packed-CQ | 5600.6502 |
| Microsoft Security Essentials | Trojan:Win32/Peals!gfc | 1.11302 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.432610 | 17.0.0.96 |
| NANO AntiVirus | Trojan.Win32.Plocust.dknizx | 0.30.0.64448 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.01.06 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.16130 |
| Sophos | Troj/LdMon-J | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2C00LR14 | 7.2.32 |
| Trend Micro | TROJ_GEN.F0C2C00LR14 | 10.465.01 |
| Vba32 AntiVirus | Malware-Cryptor.Limpopo | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 36330 |

File size:
516.5 KB (528,896 bytes)

Copyright:
Copyright © Internet Security 1996-2010

Original file name:
Internet Security.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\obnovleni.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:FFA9IH3bUH/gOBl5op+YwSSmKT7fYx34AYxgunP1MskErXvQxxrfHuhIXDpb5hwh:FFO4Uh8+ZSS7flAYxPP1TvQfoIXDOR

Entry address:
0x521C

Entry point:
31, C0, 89, 05, 9C, 3A, 47, 00, 74, 32, 83, FB, FF, 74, 0A, C6, 05, 9C, 10, 47, 00, A3, 49, EB, 0C, 89, 15, 03, 11, 47, 00, 89, 35, 39, 10, 47, 00, 89, 5C, 24, EE, 66, C7, 05, 8F, 10, 47, 00, F6, 79, C7, 05, 8D, 10, 47, 00, 1D, 52, 01, 00, BF, B4, 10, 40, 00, 89, 3D, 10, 40, 47, 00, E9, 44, C0, FF, FF, 8D, 3D, E2, 10, 47, 00, 89, 07, 8D, 35, 10, 10, 47, 00, 83, 6E, 12, 57, 89, 3D, 34, 10, 47, 00, C3, 8D, 40, 00, 55, 8B, EC, 83, C4, D4, 89, 45, FC, C7, 05, EC, 10, 47, 00, CA, 62, 01, 00, 8D, 15, 19, 10, 47...
 

Code size:
445 KB (455,680 bytes)

The file obnovleni.exe has been seen being distributed by the following URL.
