s5qs.exe

And Exist

Housekeeper In

The application s5qs.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a setup program which is used to install the application. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from newspapersons.biz and multiple other hosts.
Publisher:
Housekeeper In

Product:
And Exist

Description:
To Capable

Version:
0.3.0.9

MD5:
7c7c3caf25409e65420979d649ed444f

SHA-1:
2ffc8c0698fc796ebbcf3cf4525cb938e0314fa7

SHA-256:
8f1b70bc70c07610a6d2a1b262b87daf48fc1222fc93f3009d926a754756aa31

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 5:59:41 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.CT | 864
Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172
avast! | Win32:MultiPlug-DP [PUP] | 140908-2
AVG | Adware Generic5.BJYG | 2014.0.4015
Bitdefender | Application.Bundler.CT | 1.0.20.1335
Dr.Web | BackDoor.Andromeda.469 | 9.0.1.05190
Emsisoft Anti-Malware | Application.Bundler.CT | 14.09.24
ESET NOD32 | Win32/AdWare.MultiPlug.CB application | 7.0.302.0
F-Secure | Application.Bundler.CT | 11.2014-24-09_4
G Data | Application.Bundler.CT | 14.9.24
IKARUS anti.virus | Trojan.Crypt | t3scan.1.7.8.0
K7 AntiVirus | Unwanted-Program | 13.183.13463
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3204
Malwarebytes | PUP.Optional.MultiPlug | v2014.09.24.06
McAfee | MultiPlug | 5600.6998
MicroWorld eScan | Application.Bundler.CT | 15.0.0.801
NANO AntiVirus | Trojan.Win32.XPACK.depdee | 0.28.2.62286
nProtect | Trojan-Clicker/W32.MultiPlug.885760 | 14.09.24.01
Sophos | MultiPlug | 4.98
Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3

File size:
865 KB (885,760 bytes)

Product version:
1.6.5.3

Copyright:
All rights reserved for Housekeeper In LTD.

Original file name:
Harry Potter And The Goblet Of Fire.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\s5qs.exe

File PE Metadata
Compilation timestamp:
10/25/2013 11:30:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:7wxJxfWP3+yKGYO22ln7njCQFE/UCkV7qepakI7uZUbri/MWUD5QWuLZhcMCpoPm:MxJxfKKZOV7v7Ck1VV/M2tL3cN+a/

Entry address:
0x18555

Entry point:
E8, 68, 43, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 73, 4D, 00, E8, E5, 10, 00, 00, E8, 35, 45, 00, 00, 0F, B7, F0, 6A, 02, E8, FB, 42, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 52, 0A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.8519  (probably packed)

Code size:
138 KB (141,312 bytes)

The file s5qs.exe has been seen being distributed by the following 2 URLs.
