home

survivor_philippines_reunion_special_secure.exe

PrivitizeVPN Installer

OOO

The application survivor_philippines_reunion_special_secure.exe by OOO has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from privitize.com and multiple other hosts.
Publisher:
PrivitizeVPN  (signed by OOO )

Product:
PrivitizeVPN Installer

Version:
1.0.0.2

MD5:
f9fb62cacb9037b91ceeacc27b892dd0

SHA-1:
57f90032dd4be30758aa5dbc5e25816c798ed60b

SHA-256:
a0ae24b1b3786cb7dfc4c4a4a0d3b956505e06c5b982fc45d872b667076fc455

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/15/2024 10:45:47 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.Clodd32.Trojan
1.3.0.4562

Dr.Web
Adware.Siggen.25598
9.0.1.0334

ESET NOD32
Win32/TopMedia
7.9090

Reason Heuristics
PUP.Installer.OOO.l
14.3.1.2

Sophos
PrivitizeVPN
4.95

Trend Micro House Call
TROJ_SPNR.03AI13
7.2.334

Trend Micro
TROJ_SPNR.03AI13
10.465.30

VIPRE Antivirus
Adware.Privitize
23700

File size:
826.4 KB (846,256 bytes)

Product version:
1.0.0.2

Copyright:
Copyright 2012

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\survivor_philippines_reunion_special_secure.exe

Digital Signature
Signed by:
OOO

Authority:
COMODO CA Limited

Valid from:
8/2/2012 9:30:00 AM

Valid to:
8/3/2015 9:29:59 AM

Subject:
CN="OOO ""Industry""", O="OOO ""Industry""", STREET="Vsevolzhsky 2, bld. 2", L=Moscow, S=Moscow, PostalCode=119034, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D139BDA20096871840DCE08E6A80B6F0

File PE Metadata
Compilation timestamp:
12/6/2009 9:20:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:m5koCD7pbeel01j9EU149NNvwuITylumaN9mS58kzFiqzUog6Z47LRwIbUZ:m5gvpC91jqU14DulcS/FiZT6OXRwIAZ

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9772

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file survivor_philippines_reunion_special_secure.exe has been seen being distributed by the following 50 URLs.

http://privitize.com/.../Zeitgeist_Moving_Forward_(2011)_DVDRip_XviD-P2P?tag=blp2

http://privitize.com/.../Kendrick_Lamar_-_Swimming_Pools_(Drank)?tag=blp

http://privitize.com/.../Desperate_Housewives_Season_7?tag=blp

http://privitize.com/.../Banned_from_equestria_(daily)_1.3?tag=blp-b2

http://privitize.com/.../Very_Short_Introductions_-_158_books?tag=blp2

http://privitize.com/.../The_Black_Keys-Brothers-2010-SiNGULARiTY_(MP3-320)?tag=blp2

http://privitize.com/.../Redlynx_Trials_2_Second_Edition_v1.08?tag=blp2

http://privitize.com/.../The_Piano_Guys_-_The_Piano_Guys_(2012)?tag=bal

http://privitize.com/.../Doctor.Who.2005.7x01.HDTV.XviD-FS_[PublicHD]?tag=blp

http://privitize.com/.../GTA_SAN_ANDREAS_ _CRACK_ _SA-MP?tag=blp2

http://privitize.com/.../Clash_Of_The_Titans_(2010)_COMPLETE_DVD_Rip_by_vladtepes3176?tag=blp2

http://privitize.com/.../Office_2010_x32_x64_PT_BR_ _ATIVADOR_KMS?tag=blp2

http://privitize.com/.../Guitar_Hero_III_(3)_PC?tag=bal

http://privitize.com/.../Plants_vs_Zombies?tag=blp

http://privitize.com/.../Tupac_-_Greatest_Hits?tag=blp2

http://privitize.com/.../Killing_Floor_v1021_ _White_Listed_Maps?tag=blp

http://privitize.com/.../Fleet_Foxes_-_Discography_2006_-_2011?tag=blp

http://privitize.com/.../Na_Pegada_do_Arrocha_2012?tag=bal

http://privitize.com/.../Jagten_aka_The_Hunt_2012_DVDRip_Sonata_Premiere_?tag=bal

http://privitize.com/.../Counter_Strike_1.6_Full_with_maps_and_cheats?tag=blp

http://privitize.com/.../Natasha_Malkova_-_Just_The_Tip_[Babes]?tag=blp2

http://privitize.com/.../FAR_CRY_1_ _v1.4_ACUMULATIVE_PATCH_ _CRACK_[by_-PJM442-]?tag=blp

http://privitize.com/.../Windows_7_Crack_Loader_v.2.2.1_Activation_by_DAZ_February_2013?tag=blp

http://privitize.com/.../David_Guetta_-_Nothing_But_The_Beat_Ultimate_(iTunes_Version)_20?tag=blp

http://privitize.com/.../Backwards.2012.DVDRip.XviD.AC3-PTpOWeR?tag=bal

http://privitize.com/.../Wallace_and_Gromit_Film_Collection?tag=bal

http://privitize.com/.../Counter_Strike_1.6_Updated_March_15_,_2013?tag=blp2

http://privitize.com/.../Propellerhead_Recycle_v2.2.3_Full_WiN_-_UGET_[deepstatus]?tag=bal

http://privitize.com/.../Hotel.Transylvania.2012.1080p.H264.Multilanguage.ENG.SPA.ELBRODI?tag=blp

http://privitize.com/.../Harry_Potter_And_The_Chamber_Of_Secrets_[PC-Game]?tag=blp2

Latest 30 of 276 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.