the_crew_crack_1420187777.exe

ВERSHNET LLC

The application the_crew_crack_1420187777.exe by ВERSHNET has been detected as a potentially unwanted program by 15 anti-malware scanners. It is a setup program used to install the application. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. The file has been seen being downloaded from adqkq31ldf8bzws.epik-tee.ru.
Publisher:
ВERSHNET LLC  (signed and verified)

Version:
1.0.0.0

MD5:
f9258e7e35246af73aae961105e62669

SHA-1:
3a02e950963ff20016f0d15ebacf847d49a059e7

SHA-256:
e8a14f4580935d0b4b5716ad719bd850d44ad6747e89722fe8ae6277d250a07f

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/1/2024 7:30:57 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.187756 | 5570222
Avira AntiVirus | ADWARE/Lollipop.jewc | 8.3.1.6
AVG | Adware BundleApp.BGX | 2014.0.4311
Bitdefender | Gen:Variant.Adware.Graftor.187756 | 1.0.20.740
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Trojan.InstallMonster.1230 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.187756 | 10.0.0.5366
ESET NOD32 | Win32/InstallMonstr.JT potentially unwanted application | 7.0.302.0
F-Secure | Gen:Variant.Adware.Graftor | 5.14.151
G Data | Gen:Variant.Adware.Graftor.187756 | 15.5.25
K7 AntiVirus | Unwanted-Program | 13.204.16051
Malwarebytes | PUP.Optional.InstallMonster | v2015.05.28.05
MicroWorld eScan | Gen:Variant.Adware.Graftor.187756 | 16.0.0.444
Reason Heuristics | PUP.OutBrowse.ERSHNET | 15.5.28.5
VIPRE Antivirus | Threat.4785227 | 40552

File size:
3.8 MB (3,951,160 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\the_crew_crack_1420187777.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/5/2015 3:00:00 AM

Valid to:
2/6/2016 2:59:59 AM

Subject:
CN=ВERSHNET LLC, O=ВERSHNET LLC, STREET="600-Richchya, house 66, office 10", L=Vinnitsa, S=Vinnitskiy Region, PostalCode=21027, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0DCBDEF5E756334284571793EA14D465

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:q3JfeWZN8jcuB5WcsnIaJAgN/JpHNYtmEgeDUalL5:qxN8ZO/AgNBQgEUaN5

Entry address:
0x7482E0

Entry point:
60, BE, 00, 60, 80, 00, 8D, BE, 00, B0, BF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
3.3 MB (3,420,160 bytes)

The file the_crew_crack_1420187777.exe has been seen being distributed by the following URL.
