the_dark_smart_tv_server_download-zip.exe

SPK GEO, TOV

The executable the_dark_smart_tv_server_download-zip.exe has been detected as malware by 13 anti-virus scanners. The file has been seen being downloaded from qqqelkdjfldfjk.org.
Publisher:
SPK GEO, TOV  (signed and verified)

MD5:
049d3ed8976c0f18995f58d1cb8ed265

SHA-1:
7ed86e43a01468bf8ce7c00d0fba856d8d1f31ac

SHA-256:
092eef3eb626a84d11f929f363c183ecd88c423fcfdc5c664450c4954c6c689f

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
11/15/2024 4:52:48 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.724825 | 477 |
| Agnitum Outpost | Trojan.Kazy | 7.1.1 |
| Avira AntiVirus | TR/Kazy.1895192 | 8.3.2.2 |
| avast! | Win32:Malware-gen | 2014.9-151015 |
| Bitdefender | Gen:Variant.Kazy.724825 | 1.0.20.1440 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.724825 | 8.15.10.15.12 |
| F-Secure | Gen:Variant.Kazy.724825 | 11.2015-15-10_5 |
| G Data | Gen:Variant.Kazy.724825 | 15.10.25 |
| McAfee | Artemis!049D3ED8976C | 5600.6611 |
| MicroWorld eScan | Gen:Variant.Kazy.724825 | 16.0.0.864 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.10.15.12 |
| Trend Micro | TROJ_GEN.R00UC0OJ815 | 10.465.15 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44512 |

File size:
1.8 MB (1,895,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\the_dark_smart_tv_server_download-zip.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/21/2015 3:00:00 AM

Valid to:
9/21/2016 2:59:59 AM

Subject:
CN="SPK GEO, TOV", OU=IT, O="SPK GEO, TOV", STREET=Bud. 4/2 vul.Trostyanetska, L=Kiev, S=Kiev, PostalCode=02160, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DB551DF75516F50C355989C50C12AF41

File PE Metadata
Compilation timestamp:
9/23/2015 11:28:31 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:GV+GP6yr9MuPaUsFY3jSb3f4CIs192P5l8:C9y13f4/s

Entry address:
0x15C8

Entry point:
E8, E4, 02, 00, 00, E9, 49, FE, FF, FF, 55, 8B, EC, FF, 15, 1C, 20, 40, 00, 6A, 01, A3, 54, 33, 40, 00, E8, 55, 05, 00, 00, FF, 75, 08, E8, 53, 05, 00, 00, 83, 3D, 54, 33, 40, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 3B, 05, 00, 00, 59, 68, 09, 04, 00, C0, E8, 3C, 05, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 5F, 05, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 38, 31, 40, 00, 89, 0D, 34, 31, 40, 00, 89, 15, 30, 31, 40, 00, 89, 1D, 2C, 31, 40, 00, 89, 35, 28, 31, 40, 00, 89, 3D, 24...
 

Entropy:
5.2978

Code size:
3 KB (3,072 bytes)

The file the_dark_smart_tv_server_download-zip.exe has been seen being distributed by the following URL.
