vhdap0.exe

Video HD Accelerator - plus

stinger-PC\stinger

The application vhdap0.exe (described as “Esta aplicación se encargara de instalar la extensión necesaria para Acelerar Videos Online”), signed by stinger-PC\stinger, has been detected as a potentially unwanted program by 10 anti-malware scanners. The file has been observed being downloaded from ufpr.dl.sourceforge.net and multiple other hosts.
Publisher:
Yaske  (signed by stinger-PC\stinger)

Product:
Video HD Accelerator - plus

Description:
Esta aplicación se encargara de instalar la extensión necesaria para Acelerar Videos Online

Version:
1.30

MD5:
13451a49eefba24e09d39924e724bbc8

SHA-1:
1b7d42d39b834ab905dbca072a9815ccb3789b06

SHA-256:
681339d13667fcc75c176f5a71ce83c15187756e5569d4bb56fcd937dc5addf9

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 8:51:08 PM UTC  (today)

Scan engine | Detection | Engine version
AVG | Generic5 | 2015.0.3424
Baidu Antivirus | Adware.Win32.OfferingMedia | 4.0.3.1473
Comodo Security | UnclassifiedMalware | 18347
ESET NOD32 | Win32/Adware.OfferingMedia (variant) | 8.9857
Fortinet FortiGate | W32/StartP.A | 7/3/2014
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0
K7 AntiVirus | Riskware | 13.178.12212
NANO AntiVirus | Trojan.Win32.OfferingMedia.cujjka | 0.28.0.59921
Norman | Suspicious_Gen2.VQFUP | 11.20140703
VIPRE Antivirus | Trojan.Win32.Generic | 29676

File size:
888.9 KB (910,280 bytes)

Product version:
1.30

Copyright:
Yaske Copyright

Trademarks:
http://yaske.net

Original file name:
Video HD Accelerator - plus Sin Interfaz.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vhdap0.exe

Digital Signature
Authority:
stinger-PC\stinger

Valid from:
12/21/2012 6:16:25 PM

Valid to:
12/22/2013 12:16:25 AM

Subject:
CN=stinger-PC\stinger

Issuer:
CN=stinger-PC\stinger

Serial number:
1BC3BE845552E08042C77509D7F6DB8F

File PE Metadata
Compilation timestamp:
3/14/2013 7:07:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:XYtSk100EFFYzwfZYcE9tSk100EFPOictSk100EFeYzwfZYWq5EcrSK3l8g6dFX3:XYAzY0fZYcKAtYA8Y0fZYWqZM9N

Entry address:
0x159C

Entry point:
68, A4, 90, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, B8, 00, 00, 00, 58, 00, 00, 00, 69, E0, E4, 40, E6, F8, A1, 43, 95, 26, 34, 10, D3, E3, 89, 90, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 56, 69, 64, 65, 6F, 48, 44, 41, 63, 63, 65, 6C, 65, 72, 61, 74, 6F, 50, 6C, 75, 73, 53, 69, 6E, 49, 6E, 74, 65, 72, 66, 61, 7A, 00, 00, 00, 00, 00, 00, 00, 00, 45, 73, 74, 61, 20, 61, 70, 6C, 69, 63, 61, 63, 69, F3, 6E, 20, 73, 65, 20, 65, 6E, 63, 61, 72, 67, 61, 72, 61...
 

Entropy:
4.5895

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
688 KB (704,512 bytes)

The file vhdap0.exe has been seen being distributed by the following 2 URLs.
