pointblankazerbaijan2013yepyeni_10429.exe

Setup

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

The application pointblankazerbaijan2013yepyeni_10429.exe by Dey yazilim ve internet hizmetleri san. tic. ltd. sti has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Microsoft  (signed by Dey yazilim ve internet hizmetleri san. tic. ltd. sti.)

Product:
Setup

Version:
1.0.0.0

MD5:
c165740ab6d6435a9493725b5d8b80e1

SHA-1:
b592991413bc28e57009753b5eb92cc6f2fd82f0

SHA-256:
f6b2d5fefb5219df0fbc4cba0416a4dba6e090c0e1d223b292fc029c2321d2d3

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/23/2024 10:10:22 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonitize (M)
16.9.7.17

File size:
554.2 KB (567,512 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2014

Trademarks:
Microsoft

Original file name:
SetupFull.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\pointblankazerbaijan2013yepyeni_10429.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/12/2014 4:00:00 AM

Valid to:
3/13/2015 3:59:59 AM

Subject:
CN=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., O=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., STREET=kuloglu mah alyon gecidi sok, STREET=beyoglu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD3AA42CD883A6D47CC56CDA9837EB85

File PE Metadata
Compilation timestamp:
12/1/2014 7:03:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:iS/J1s0ldUmx/bLbYnwch3SoMGsgL7GZOsLa30hTbjMGsgL7GN:iS/J1sGdUmx/bwnwcco/nGZY09f/nGN

Entry address:
0x629BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 80, 00, 00, 80, 10, 00, 00, 00, 98, 00, 00, 80, 18, 00, 00, 00, B0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
386.5 KB (395,776 bytes)

Remove pointblankazerbaijan2013yepyeni_10429.exe - Powered by Reason Core Security