unstl.exe

CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti

The application unstl.exe by CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Sti has been detected as adware by 3 anti-malware scanners. This is a setup program which is used to install the application. This file is typically installed with the program Homepage 1.0 by homepage.com.tr which is a potentially unwanted software program. The file has been seen being downloaded from s3-eu-west-1.amazonaws.com. While running, it connects to the Internet address 202-35.vargonen.net on port 80 using the HTTP protocol.
Version:
1, 1, 0, 0

MD5:
e7ae8c308834bb810b28c3ab8ddae2c8

SHA-1:
099c5eecb04b993b971df70e3ff1d1fdebbb71f5

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/25/2024 3:18:14 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Reason Heuristics | PUP.CNTBilisimTeknolojisipazrekturltlhTicSti.F | 14.8.8.0 |
| Rising Antivirus | AU3SCRIPT:Malware.Banker!1.9DF6 | 23.00.65.14531 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 24756 |

File size:
400.7 KB (410,296 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\homepage\unstl.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/2/2012 2:00:00 AM

Valid to:
2/2/2014 1:59:59 AM

Subject:
CN=CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti, OU=CNT Bilisim Teknolojisi Tic Ltd Sti, O=CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti, STREET=273/1 Sk. Mansuroglu Mah. Narlibahce Sit., STREET=No:6 B1 Blok Daire:2, STREET=Bayrakli, L=Caner Bayraktar, S=Izmir, PostalCode=35030, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2491AD8A2DE204BEAB2DC62493BE62FA

File PE Metadata
Compilation timestamp:
1/29/2012 11:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:cuIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qL87xqE4IAcsul7iaYVx/cpc:36Wq4aaE6KwyF5L0Y2D1PqL8Inaf74V

Entry address:
0xB2E80

Entry point:
60, BE, 00, 10, 47, 00, 8D, BE, 00, 00, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file unstl.exe has been discovered within the following program.

Homepage 1.0  by homepage.com.tr
www.homepage.com.tr
83% remove it
 

The file unstl.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 202-35.vargonen.net  (178.18.202.35:80)
