» usher raymond-gone_to_soon.exe
Overview
Analysis
File Details
Downloads (2)

usher raymond-gone_to_soon.exe

Vkontakte DJ Installer

The application usher raymond-gone_to_soon.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from bun.downloadappscom.biz and multiple other hosts.

File name:

Product:

Vkontakte DJ Installer

Version:

1.9.1.26

MD5:

0d4ba16715280b2dd96964a1d02c5c8d

SHA-1:

5ba0ac7322b1e0022680cde04a42aa342c13f2a4

SHA-256:

14c453c0585a6f2064b15fc006bbab12b3cd067b83483428f84fd04e0b09c457

Scanner detections:

17 / 68

Status:

Potentially unwanted

Analysis date:

11/30/2024 3:44:46 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Rootkit.75851

409

Arcabit

Rootkit.D1284B

1.0.0.629

Baidu Antivirus

PUA.MSIL.VKontakteDJ

4.0.3.151222

Bitdefender

Rootkit.75851

1.0.20.1780

Dr.Web

Program.VKontakteDJ.9

9.0.1.0356

Emsisoft Anti-Malware

Rootkit.75851

8.15.12.22.01

ESET NOD32

MSIL/VKontakteDJ.A potentially unwanted application

7.0.302.0

F-Secure

Rootkit.75851

11.2015-22-12_3

G Data

Rootkit.75851

15.12.25

K7 AntiVirus

Adware

13.212.18131

Kaspersky

not-a-virus:Downloader.MSIL.VKontakteDJ

14.0.0.932

McAfee

Artemis!0D4BA1671528

5600.6543

MicroWorld eScan

Rootkit.75851

16.0.0.1068

Sophos

Vkontakte DJLoader (PUA)

4.98

Trend Micro

TROJ_GEN.R0EBC0OLG15

10.465.22

VIPRE Antivirus

Trojan.Win32.Generic

45902

Zillya! Antivirus

Trojan.Injector.Win32.336177

2.0.0.2569

File size:

563.5 KB (577,024 bytes)

Product version:

1.9.1.26

Original file name:

DjLoader.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\usher raymond-gone_to_soon.exe

File PE Metadata

Compilation timestamp:

11/10/2015 8:32:31 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:vJnBtF/4P7qsKQ0jnAt4BknkA3F2n7HsckBtFC:RnJ/4DBKQ0jnpBknk627slJC

Entry address:

0x6AF4E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

420 KB (430,080 bytes)

The file usher raymond-gone_to_soon.exe has been seen being distributed by the following 2 URLs.

http://bun.downloadappscom.biz/yjwwr21.html??group=vkdjsite&name=????? ???-pro_med&parameter=btn_track

http://bun.downloadappscom.biz/yjwwr21.html??group=vkdjsite&name=Peter White-perfect_moment_perfect_moment&parameter=btn_track

Remove usher raymond-gone_to_soon.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.