odnobot demo (демо_версия).exe

ART LODZHYSTІK TOV

The application odnobot demo (демо_версия).exe by ART LODZHYSTІK TOV has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
ART LODZHYSTІK TOV  (signed and verified)

MD5:
5557393eacaa9f963abdaf9c5aff0881

SHA-1:
b24b7427a06848460954e50d670f6731816f5273

SHA-256:
7d19feef8e074a8cda0312414007bac7659e9554961d29bf711299b1e48c7531

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/6/2025 12:17:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.ARTLODZH (M)

Engine version:
16.3.8.15

File size:
3.4 MB (3,611,432 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/10/2014 3:00:00 AM

Valid to:
10/11/2015 2:59:59 AM

Subject:
CN=ART LODZHYSTІK TOV, O=ART LODZHYSTІK TOV, L=Odessa, S=Odessa, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
78560400D4F1812C8E1FA6BDC7FC9095

File PE Metadata
Compilation timestamp:
10/18/2014 5:26:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:NW5O3wvGCf2dNA6oeUgb9XSUOdtQjvfQjvy:A5Wwv6oeUuJSWUq

Entry address:
0x1E1218

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, D8, E6, 5D, 00, E8, 23, 6C, E2, FF, 8B, 1D, 20, 9D, 5E, 00, 8B, 03, E8, 8A, 43, E9, FF, 8B, 03, B2, 01, E8, 8D, 62, E9, FF, 8B, 0D, 14, 9B, 5E, 00, 8B, 03, 8B, 15, 7C, 99, 5D, 00, E8, 86, 43, E9, FF, 8B, 0D, 98, 9D, 5E, 00, 8B, 03, 8B, 15, 8C, D3, 5C, 00, E8, 73, 43, E9, FF, 8B, 0D, F0, 9E, 5E, 00, 8B, 03, 8B, 15, 6C, 81, 5D, 00, E8, 60, 43, E9, FF, 8B, 03, E8, 91, 44, E9, FF, 5B, E8, C7, 43, E2, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
1.9 MB (1,967,104 bytes)
