rurovfqqv.exe

Zombie Invasion

Time Lapse Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application rurovfqqv.exe, “ZombieInvasion Service” by Time Lapse Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “RUrOvfQQV”.
Publisher:
Time Lapse Solutions  (signed and verified)

Product:
Zombie Invasion

Description:
ZombieInvasion Service

Version:
1.0.0.0

MD5:
0c081f74a61044bd25d25bdb5d7690e2

SHA-1:
042f35d2ced38643dc9c5e68a872535300f9718c

SHA-256:
8751d3f56e73ed6a2ab6fdebe8b05253ced58af36b1a68d043209ebc19a7ffe0

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
11/23/2024 11:11:22 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
17.3.15.15

File size:
2.6 MB (2,732,008 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Time Lapse Solutions 2015

Original file name:
ZombieInvasionService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\qxmtggt\rurovfqqv.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/25/2015 4:00:00 PM

Valid to:
4/26/2016 4:59:59 PM

Subject:
CN=Time Lapse Solutions, O=Time Lapse Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
088D68E27F37630FE9E23AD19AC872B3

File PE Metadata
Compilation timestamp:
6/26/2015 6:55:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x29AA2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9995

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.6 MB (2,722,816 bytes)

Service
Display name:
RUrOvfQQV

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc


Remove rurovfqqv.exe - Powered by Reason Core Security