shkola.exe

The application shkola.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from russia.zapto.org.

MD5:
09484fb58d6a7063df5ba396423a8bd7

SHA-1:
b38c1ef406eec2e3613b33b15b8a57917bad4ba9

SHA-256:
280b7ffcd4e8a3563bb78364419c72377ff6fbedcb687696b816759397bd2531

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 10:51:08 AM UTC

Scan engine                     Detection                                Engine version
avast!                          Win32:LoadMoney-FA [PUP]                 160216-3
AVG                             Win32/Heim                               2015.0.4530
Dr.Web                          Trojan.LoadMoney.451                     9.0.1.05190
ESET NOD32                      Win32/AdWare.LoadMoney.RL application    8.0.319.0
F-Secure                        Variant.Mikey.12842                      5.15.21
McAfee                          Program.EncLoadMoney                     18.0.204.0
Microsoft Security Essentials   Threat.Undefined                         1.213.7751.0

File size:
483.5 KB (495,104 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\shkola.exe

File PE Metadata
Compilation timestamp:
9/10/2014 3:50:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.14

CTPH (ssdeep):
6144:EtPPJn8/X8qz0XcYSlV64KfMJZ1GTJAjfChY764dJ0rC6ekGVUzotbokwqPjutyE:gHJn8f8flkfKKR6NrQYwrlIjn3r9lX

Entry address:
0x1A13

Entry point:
64, 8B, 0D, 30, 00, 00, 00, 0F, B6, 49, 02, 85, C9, 0F, 85, 82, 04, 00, 00, B9, 54, 6C, D3, 68, 81, C1, 2A, AE, 6C, 97, 51, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, BF, 16, D1, 1C, 7A, 81, C7, 62, 49, 23, 86, 57, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 31, C0, 31, D2, F7, 35, 74, 1A, 40, 00, 8B, 2D, 74, 1A, 40, 00, 81, F5, AF, BE, AD, DE, FF, E5, 90, 90, 00, 00, 00, 00, B8, 01, 00, 00, 00, C3, C7, 05, 74, 1A, 40, 00, 21, A4, ED, DE, B8, 00, 00, 00, 00, C3, 64, 8B, 15, 30, 00...
 

Code size:
410 KB (419,840 bytes)

The file shkola.exe has been seen being distributed by the following URL.
