home

vhdap0.exe

Video HD Accelerator - plus

Yaske

The application vhdap0.exe, “Esta aplicación se encargara de instalar la extensión necesaria para Acelerar Videos Online” has been detected as a potentially unwanted program by 26 anti-malware scanners. This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from go.cuevana.tv and multiple other hosts.
Publisher:
Yaske

Product:
Video HD Accelerator - plus

Description:
Esta aplicación se encargara de instalar la extensión necesaria para Acelerar Videos Online

Version:
1.30

MD5:
cba061b0386ec34106187aac51595bad

SHA-1:
36342de4a7e7e6d42d3ebf33860b45de42cb2343

SHA-256:
3e41263537e3400e68026900b3e85a9c426d8a221e97b335833abca63c7b2eef

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 1:36:59 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKDV.1029393
1104

Agnitum Outpost
Trojan.PWS.VB
7.1.1

AhnLab V3 Security
Trojan/Win32.VB
2013.12.04

Avira AntiVirus
TR/PSW.VB.dpb
7.11.117.172

avast!
Win32:Malware-gen
2014.9-140127

AVG
PSW.Generic11
2015.0.3582

Baidu Antivirus
Trojan.Win32.InfoStealer
4.0.3.14127

Bitdefender
Trojan.GenericKDV.1029393
1.0.20.135

Comodo Security
ApplicUnwnt
17381

Emsisoft Anti-Malware
Trojan.GenericKDV.1029393
8.14.01.27.09

ESET NOD32
Win32/Adware.OfferingMedia (variant)
8.9127

Fortinet FortiGate
W32/VB.DPB!tr.pws
1/27/2014

F-Secure
Trojan.GenericKDV.1029393
11.2014-27-01_2

G Data
Trojan.GenericKDV.1029393
14.1.22

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.2.2.29

K7 AntiVirus
Riskware
13.174.10396

Kaspersky
Trojan-PSW.Win32.VB
14.0.0.4403

McAfee
RDN/Generic PWS.y!ts
5600.7238

MicroWorld eScan
Trojan.GenericKDV.1029393
15.0.0.81

Norman
Suspicious_Gen4.ECKAV
11.20140127

Reason Heuristics
Unnamed.Threat.28
14.2.26.12

Sophos
Mal/StartP-A
4.95

Trend Micro House Call
TROJ_SPNR.0CFC13
7.2.27

Trend Micro
TROJ_SPNR.0CFC13
10.465.27

Vba32 AntiVirus
TrojanPSW.VB
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic
23992

File size:
880 KB (901,120 bytes)

Product version:
1.30

Copyright:
Yaske Copyright

Trademarks:
http://yaske.net

Original file name:
1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\vhdap0.exe

File PE Metadata
Compilation timestamp:
4/29/2013 2:50:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:XKtSk100EF2YzwfZYQhFhGtSk100EFMOi2tSk100EFeYzwfZYNrecWX15BXRDD0U:XKAQY0fZYqhGA2iA8Y0fZYNk9

Entry address:
0x163C

Entry point:
68, 5C, 91, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, A8, 00, 00, 00, 48, 00, 00, 00, FC, F7, A9, A9, 01, 7B, 1D, 4C, B0, 02, FA, 49, 92, EA, 86, 88, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 56, 69, 64, 65, 6F, 48, 44, 41, 63, 63, 65, 6C, 65, 72, 61, 74, 6F, 50, 6C, 75, 73, 00, 5C, 57, 45, 73, 74, 61, 20, 61, 70, 6C, 69, 63, 61, 63, 69, F3, 6E, 20, 73, 65, 20, 65, 6E, 63, 61, 72, 67, 61, 72, 61, 20, 64, 65, 20, 69, 6E, 73, 74, 61, 6C, 61, 72, 20, 6C, 61, 20...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
680 KB (696,320 bytes)

Scheduled Task
Task name:
{6E38D2E4-826C-49C0-8321-8025C5CE56C0}

Trigger:
Registration (Runs on registration)


The file vhdap0.exe has been seen being distributed by the following 3 URLs.

http://go.cuevana.tv/?http://ufpr.dl.sourceforge.net/project/.../VHDAP0.exe

http://ufpr.dl.sourceforge.net/project/.../VHDAP0.exe

http://subpelis.info/to/?http://ufpr.dl.sourceforge.net/project/.../VHDAP0.exe&attempt=1

Remove vhdap0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.