obnovleni.exe

Internet Security

Rashal Alexsandr

The application obnovleni.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from inexcusable.mastergrey.ru.
Publisher: Rashal Alexsandr
Product: Internet Security
Version: 3.92.0
MD5: 1b54efb48e5a279be28c7e8cdb3f859a
SHA-1: da21ec99a31c1ac6639ebfaa69c5b428637be209
SHA-256: d90a56de049ce05cb37c3bc2e9ac6174a14c5a1d4014cdeb50a34535a803f9ed
Scanner detections: 31 / 68
Status: Potentially unwanted
Analysis date: 1/14/2025 11:43:49 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.432610 | 361 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.LoadMoney | 2016.01.02 |
| Arcabit | Trojan.Adware.Kazy.D699E2 | 1.0.0.637 |
| avast! | Win32:Installer-U [PUP] | 2014.9-160208 |
| AVG | Win32/Cryptor | 2017.0.2839 |
| Baidu Antivirus | Adware.Win32.LoadMoney | 4.0.3.1628 |
| Bitdefender | Gen:Variant.Adware.Kazy.432610 | 1.0.20.195 |
| Clam AntiVirus | Win.Trojan.Agent-960893 | 0.98/21511 |
| Comodo Security | Application.Win32.Loadmoney.UDA | 23901 |
| Dr.Web | Trojan.LoadMoney.336 | 9.0.1.039 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.432610 | 8.16.02.08.08 |
| ESET NOD32 | Win32/Adware.LoadMoney.ADL (variant) | 10.12804 |
| Fortinet FortiGate | W32/Kryptik.CTUA!tr | 2/8/2016 |
| F-Prot | W32/Plocust.B2.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Kazy | 11.2016-08-02_2 |
| G Data | Gen:Variant.Adware.Kazy.432610 | 16.2.25 |
| IKARUS anti.virus | Packer.Win32.Krap | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18299 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.Plocust | 14.0.0.691 |
| Malwarebytes | PUP.Optional.LoadMoney | v2016.02.08.08 |
| McAfee | Packed-CQ | 5600.6495 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Ogimant!rfn | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.432610 | 17.0.0.117 |
| NANO AntiVirus | Trojan.Win32.Krap.dkaakz | 1.0.14.5380 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.08.08 |
| Quick Heal | PUA.Ogimant.OL9 | 2.16.14.00 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16206 |
| Sophos | Generic PUA NK (PUA) | 4.98 |
| Vba32 AntiVirus | Malware-Cryptor.Limpopo | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 46224 |

File size: 532.5 KB (545,280 bytes)
Copyright: Copyright © Internet Security 1996-2010
Original file name: Internet Security.exe
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\obnovleni.exe

File PE Metadata

Compilation timestamp: 6/20/1992 1:22:17 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 12288:MK4Ixppo1ML9lChZmgpKyQzLqnsPsG5c+2:t7Y8KhpU3qn7eK
Entry address: 0x1A2C

Entry point:
83, 2D, B0, 4C, 47, 00, 01, 73, 2D, 29, 35, CB, 20, 47, 00, 89, 15, 65, 20, 47, 00, 83, F8, FF, 7E, 16, 89, 35, BC, 20, 47, 00, C7, 05, 83, 20, 47, 00, 20, 05, 01, 00, 87, 3D, 45, 20, 47, 00, 87, 15, 8E, 20, 47, 00, BF, 78, 10, 40, 00, 89, 3D, 10, 50, 47, 00, E9, 7A, F7, FF, FF, 03, 15, 6F, 20, 47, 00, 89, 3D, DC, 20, 47, 00, C7, 05, 9A, 20, 47, 00, 07, 5C, 01, 00, 89, 3D, F8, 20, 47, 00, C3, 90, 55, 8B, EC, 83, C4, D4, 89, 45, FC, 89, 7C, 24, F8, 89, 15, 40, 20, 47, 00, 8D, 3D, DC, 20, 47, 00, 01, 17, 8B...
 

Code size: 449 KB (459,776 bytes)

The file obnovleni.exe has been seen being distributed by the following URL.

Remove obnovleni.exe - Powered by Reason Core Security