t i featuring justin timberlake - dead and gone zaycev-mp3 net.exe

Attach Extended

PROFI-SOFT

The executable t i featuring justin timberlake - dead and gone zaycev-mp3 net.exe, “Attach Extended OllyDbg Plugin”, has been detected as malware by 1 anti-virus scanner. This is a setup program used to install the application. The file has been seen being downloaded from throwworld.ru.
Publisher:
PROFI-SOFT  (signed and verified)

Product:
Attach Extended

Description:
Attach Extended OllyDbg Plugin

Version:
1, 0, 0, 1

MD5:
7d58dfcb5fa2209f89bb102e457f3afa

SHA-1:
554ab2a7e08e709019a9ad314cdeb8f8eb1b50b1

SHA-256:
ad35eeb0ebd34c2c07f3870af6497f60b0bc3bcd375975d5cfed27994cef3daa

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/30/2024 10:06:48 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.10.10

File size:
1.1 MB (1,166,344 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2009

Original file name:
AttachEx.dll

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\t i featuring justin timberlake - dead and gone zaycev-mp3 net.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/3/2015 5:00:00 PM

Valid to:
9/3/2016 4:59:59 PM

Subject:
CN="""PROFI-SOFT"", OOO", O="""PROFI-SOFT"", OOO", STREET="Prospekt Piskarevsky, 10", L=Saint-Petersburg, S=Saint-Petersburg, PostalCode=195221, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008B0D4FAA82D8B1952898AE54373F0012

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x8BE60

Entry point:
52, 51, 89, FF, 75, 02, 37, 90, 01, FE, E8, D1, 5D, F7, FF, 4E, 90, 58, 59, EB, 08, 90, 12, 77, 04, FC, 90, FC, 90, 68, D8, BE, 48, 00, E9, 2B, C5, 00, 00, E8, 78, EA, FF, FF, C6, 45, FB, 01, 87, 0D, 70, 10, 49, 00, 66, C7, 05, F3, 10, 49, 00, 08, EB, E9, 19, C9, 00, 00, 89, 35, AB, 10, 49, 00, E9, 23, DC, 00, 00, 0F, 85, 77, E9, FF, FF, 40, E9, 78, CE, 00, 00, 0F, 85, 6B, D9, FF, FF, 8B, 45, F8, 66, F7, C7, 92, 58, E9, A4, D5, 00, 00, 0F, 5F, 17, E8, E8, 31, 51, F7, FF, C3, 89, 3D, DE, 10, 49, 00, E9, C9...
 

Code size:
581.5 KB (595,456 bytes)

The file t i featuring justin timberlake - dead and gone zaycev-mp3 net.exe has been seen being distributed by the following URL.

http://throwworld.ru/NzUwNjtodHRwJTNBJTJGJTJGemF5Y2V2LW1wMy5uZXQlMkZkb3dubG9hZC5waHAlM0ZkYXRhJTNEYVdRbE0wTWxNMFUwTlRBNEpUZERhWEFsTTBNbE0wVTFKVEpGTVRrM0pUSkZOelVsTWtVeE5UQmZNVFl5SlRKRk1UVTRKVEpGT0RnbE1rVXlNalklM0Q7bmFtZT1ULkkuK2ZlYXR1cmluZytKdXN0aW4rVGltYmVybGFrZSstK0RlYWQrYW5kK2dvbmUrJTVCemF5Y2V2LW1wMy5uZXQlNUQubXAzO3NpemU9OTc0ODQ4MDt0eXBlPWF1ZGlv