pazzly lyubvi rep pro lyubov.exe

Online story

The application pazzly lyubvi rep pro lyubov.exe by Online story has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from forces.mind-club.ru.
Publisher:
Online story  (signed and verified)

MD5:
3bd60d45a0246f5a40c480411975172d

SHA-1:
28c533eca5d3a0954b267589d479a9a28023c401

SHA-256:
8452615924ba9ddb3046c273dc46462800fff20c6319aa4a130f0b629cc17078

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 3:47:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:LoadMoney-FA [PUP] | 160327-1 |
| AVG | Win32/Heim | 2015.0.4545 |
| Dr.Web | Trojan.LoadMoney.451 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.6257 | 11.5.0.6191 |
| ESET NOD32 | Win32/AdWare.LoadMoney.OJ application | 8.0.319.0 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.LMN | 15.0.0.562 |
| McAfee | Program.EncLoadMoney | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.1025.0 |
| Norman | Gen:Variant.Razy.6257 | 02.04.2016 17:35:19 |
| VIPRE Antivirus | Threat.4657539 | 48434 |

File size:
542.6 KB (555,656 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\pazzly lyubvi rep pro lyubov.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/15/2014 3:00:00 AM

Valid to:
6/26/2015 2:59:59 AM

Subject:
CN=Online story, OU=Online story, O=Online story, L=Moscow, S=Moscow region, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1344520A9BCE2AEAD45E4E26D52C4C48

File PE Metadata
Compilation timestamp:
7/30/2014 3:04:37 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
25.6

CTPH (ssdeep):
12288:Wwwi9/8Slp8G4Ooq1F55zdVDv1oXOwj1Ns:n9//laUzdVD9oXljc

Entry address:
0x86AD

Entry point:
64, 8B, 1D, 30, 00, 00, 00, 0F, B6, 5B, 02, 85, DB, 0F, 85, 84, 03, 00, 00, 64, 8B, 2D, 30, 00, 00, 00, 8B, 6D, 0C, 83, C5, 14, 8B, 6D, 00, 8B, 75, 28, B9, 1A, 00, 00, 00, BA, 83, B2, E5, DD, 81, C2, D8, 3A, 60, 22, 42, 8A, 06, 46, 3C, 61, 7C, 02, 2C, 20, 34, 14, 38, 02, 75, DA, 49, 75, ED, 8B, 6D, 10, 8B, 55, 3C, 01, EA, 8B, 52, 78, 01, EA, 8B, 5A, 18, B8, DC, CA, 20, 37, 05, 9C, 22, 25, C9, 89, 18, 8B, 5A, 20, 01, EB, 83, C0, 04, 89, 18, 8B, 5A, 24, 01, EB, 83, C0, 04, 89, 18, 8B, 5A, 1C, 01, EB, 83, C0...
 

Code size:
412 KB (421,888 bytes)

The file pazzly lyubvi rep pro lyubov.exe has been seen being distributed by the following URL.
