» vkontaktedj.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (4)

vkontaktedj.exe

VKontakte DJ

RECORD LLC

The application vkontaktedj.exe by RECORD has been detected as adware by 8 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘VkontakteDJ’. This file is typically installed with the program VkontakteDJ. While running, it connects to the Internet address lab.mn on port 80 using the HTTP protocol.

File name:

vkontaktedj.exe

Publisher:

RECORD LLC (signed and verified)

Product:

VKontakte DJ

Description:

VKDJ, Player

Version:

3.72.0.0

MD5:

715cd54ffcfd03c8d135d428047cb690

SHA-1:

876a2123c26f1e4eeae525b8fb69f31586cb1213

SHA-256:

dc670e279a161d5ee5ed1c162cd54a68531be4153c341895c3e0ffc6be173f6c

Scanner detections:

8 / 68

Status:

Adware

Analysis date:

11/27/2024 10:53:51 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.Kontakte

2015.05.28

AVG

VkontakteDJ

2016.0.3035

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Trojan.PCRat-1

0.98/21511

Dr.Web

Adware.Downware.10568

9.0.1.0208

McAfee

Artemis!5B5B1FFED42E

5600.6691

Reason Heuristics

PUP.RECORD (M)

15.7.27.13

Trend Micro House Call

Suspicious_GEN.F47V0319

7.2.208

File size:

5 MB (5,256,888 bytes)

Product version:

3.72

Original file name:

VKontakte-DJ.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\vkontaktedj\vkontaktedj.exe

Digital Signature

Signed by:

RECORD LLC

Authority:

COMODO CA Limited

Valid from:

2/17/2015 5:00:00 AM

Valid to:

2/17/2018 4:59:59 AM

Subject:

CN=RECORD LLC, O=RECORD LLC, STREET="Kolomyazhsky 33, liter A", L=Saint-Petersburg, S=Saint-Petersburg, PostalCode=197341, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

58EE01AAB8D97EDC88B98056655D1841

File PE Metadata

Compilation timestamp:

6/20/1992 4:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:UkzSYKbxkoblQ4hHYpSa8rIE2Lb9gcQ5FRdzExYfcmeuvN:ZzSYKGobRBYpP8wbrQ5FbESknuV

Entry address:

0x27CF24

Entry point:

55, 8B, EC, 83, C4, EC, 53, 56, 57, 33, C0, 89, 45, EC, B8, EC, C3, 67, 00, E8, A0, A9, D8, FF, 33, C0, 55, 68, EE, CF, 67, 00, 64, FF, 30, 64, 89, 20, E8, A9, EC, FF, FF, 33, C0, 55, 68, 96, CF, 67, 00, 64, FF, 30, 64, 89, 20, A1, 7C, 36, 69, 00, 8B, 00, E8, 43, 55, E0, FF, B9, 7C, 6C, 69, 00, A1, 7C, 36, 69, 00, 8B, 00, 8B, 15, A0, 3D, 64, 00, E8, 4C, 55, E0, FF, A1, 7C, 36, 69, 00, 8B, 00, E8, D4, 55, E0, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 30, E9, 91, 77, D8, FF, 01, 00, 00, 00, A4, 90, 40, 00, A7... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2.5 MB (2,605,568 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

VkontakteDJ

Command:

C:\Program Files\vkontaktedj\vkontaktedj.exe \h

The file vkontaktedj.exe has been discovered within the following program.

VkontakteDJ by VkontakteDJ

vkontakte.dj/about

About 8% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to lab.mn (82.118.16.253:80)

TCP (HTTP SSL):

Connects to srv87-165-240-87.vk.com (87.240.165.87:443)

TCP (HTTP):

Connects to h1net188-64-172-90.h1host.ru (188.64.172.90:80)

Remove vkontaktedj.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.