vkontaktedj.exe

VKontakte DJ

RECORD LLC

The application vkontaktedj.exe by RECORD has been detected as adware by 8 anti-malware scanners. This is a setup program which is used to install the application. This file is typically installed with the program VkontakteDJ. The file has been seen being downloaded from upd2.vkontakte.dj. While running, it connects to the Internet address h1net188-64-172-90.h1host.ru on port 80 using the HTTP protocol.
Publisher:
RECORD LLC  (signed and verified)

Product:
VKontakte DJ

Description:
VKDJ, Player

Version:
3.74.0.0

MD5:
08839a22b12f9251a8594740dc5b6900

SHA-1:
3f89a04725b3502d9a648ede7fac8b4b20a0da88

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/5/2024 9:47:53 AM UTC

Scan engine             Detection                  Engine version
AhnLab V3 Security      PUP/Win32.Kontakte         2015.05.28
AVG                     VkontakteDJ                2016.0.2887
Bkav FE                 W32.HfsAdware              1.3.0.6379
Clam AntiVirus          Win.Trojan.PCRat-1         0.98/21511
Dr.Web                  Adware.Downware.10568      9.0.1.0356
McAfee                  Artemis!5B5B1FFED42E       5600.6543
Reason Heuristics       PUP.RECORD (M)             15.12.22.18
Trend Micro House Call  Suspicious_GEN.F47V0319    7.2.356

File size:
5 MB (5,198,008 bytes)

Product version:
3.74

Copyright:
Copyright (C) 2008. All rights reserved.

Original file name:
VKontakte-DJ.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\vkontaktedj\vkontaktedj.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/17/2015 3:00:00 AM

Valid to:
2/17/2018 2:59:59 AM

Subject:
CN=RECORD LLC, O=RECORD LLC, STREET="Kolomyazhsky 33, liter A", L=Saint-Petersburg, S=Saint-Petersburg, PostalCode=197341, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
58EE01AAB8D97EDC88B98056655D1841

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:FlMllFzR/cE4JdJNCKIrSHSVIVk1QvFRdyrExYfcmeuvN+:glFzFcE4JdJdIOHSaOQvF0ESknuV+

Entry address:
0x268678

Entry point:
55, 8B, EC, 83, C4, EC, 53, 56, 57, 33, C0, 89, 45, EC, B8, 30, 7B, 66, 00, E8, 4C, F2, D9, FF, 33, C0, 55, 68, 42, 87, 66, 00, 64, FF, 30, 64, 89, 20, E8, E9, EC, FF, FF, 33, C0, 55, 68, EA, 86, 66, 00, 64, FF, 30, 64, 89, 20, A1, A8, E6, 67, 00, 8B, 00, E8, 73, 93, E0, FF, B9, 90, 1C, 68, 00, A1, A8, E6, 67, 00, 8B, 00, 8B, 15, A4, E0, 62, 00, E8, 74, 93, E0, FF, A1, A8, E6, 67, 00, 8B, 00, E8, E8, 93, E0, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 30, E9, 3D, C0, D9, FF, 01, 00, 00, 00, 4C, 8E, 40, 00, FB...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.4 MB (2,521,088 bytes)

The file vkontaktedj.exe has been discovered within the following program.

VkontakteDJ  by VkontakteDJ
vkontakte.dj/about
About 8% of users remove it
 

The file vkontaktedj.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to h1net188-64-172-90.h1host.ru  (188.64.172.90:80)

TCP (HTTP):
Connects to static.228.51.243.136.clients.your-server.de  (136.243.51.228:80)

TCP (HTTP SSL):
Connects to srv82-165-240-87.vk.com  (87.240.165.82:443)

TCP (HTTP):
Connects to lab.mn  (82.118.16.253:80)
