vkontaktedj.exe

VKontakte DJ

RECORD LLC

The application vkontaktedj.exe by RECORD has been detected as adware by 8 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘VkontakteDJ’. This file is typically installed with the program VkontakteDJ. While running, it connects to the Internet address lab.mn on port 80 using the HTTP protocol.
Publisher:
RECORD LLC  (signed and verified)

Product:
VKontakte DJ

Description:
VKDJ, Player

Version:
3.72.0.0

MD5:
715cd54ffcfd03c8d135d428047cb690

SHA-1:
876a2123c26f1e4eeae525b8fb69f31586cb1213

SHA-256:
dc670e279a161d5ee5ed1c162cd54a68531be4153c341895c3e0ffc6be173f6c

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/5/2024 1:54:54 PM UTC

Scan engine              Detection                  Engine version
AhnLab V3 Security       PUP/Win32.Kontakte         2015.05.28
AVG                      VkontakteDJ                2016.0.3035
Bkav FE                  W32.HfsAdware              1.3.0.6379
Clam AntiVirus           Win.Trojan.PCRat-1         0.98/21511
Dr.Web                   Adware.Downware.10568      9.0.1.0208
McAfee                   Artemis!5B5B1FFED42E       5600.6691
Reason Heuristics        PUP.RECORD (M)             15.7.27.13
Trend Micro House Call   Suspicious_GEN.F47V0319    7.2.208

File size:
5 MB (5,256,888 bytes)

Product version:
3.72

Copyright:
Copyright (C) 2008. All rights reserved.

Original file name:
VKontakte-DJ.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\vkontaktedj\vkontaktedj.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/17/2015 5:00:00 AM

Valid to:
2/17/2018 4:59:59 AM

Subject:
CN=RECORD LLC, O=RECORD LLC, STREET="Kolomyazhsky 33, liter A", L=Saint-Petersburg, S=Saint-Petersburg, PostalCode=197341, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
58EE01AAB8D97EDC88B98056655D1841

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:UkzSYKbxkoblQ4hHYpSa8rIE2Lb9gcQ5FRdzExYfcmeuvN:ZzSYKGobRBYpP8wbrQ5FbESknuV

Entry address:
0x27CF24

Entry point:
55, 8B, EC, 83, C4, EC, 53, 56, 57, 33, C0, 89, 45, EC, B8, EC, C3, 67, 00, E8, A0, A9, D8, FF, 33, C0, 55, 68, EE, CF, 67, 00, 64, FF, 30, 64, 89, 20, E8, A9, EC, FF, FF, 33, C0, 55, 68, 96, CF, 67, 00, 64, FF, 30, 64, 89, 20, A1, 7C, 36, 69, 00, 8B, 00, E8, 43, 55, E0, FF, B9, 7C, 6C, 69, 00, A1, 7C, 36, 69, 00, 8B, 00, 8B, 15, A0, 3D, 64, 00, E8, 4C, 55, E0, FF, A1, 7C, 36, 69, 00, 8B, 00, E8, D4, 55, E0, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 30, E9, 91, 77, D8, FF, 01, 00, 00, 00, A4, 90, 40, 00, A7...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.5 MB (2,605,568 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
VkontakteDJ

Command:
C:\Program Files\vkontaktedj\vkontaktedj.exe \h


The file vkontaktedj.exe has been discovered within the following program.

VkontakteDJ  by VkontakteDJ
vkontakte.dj/about
About 8% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to lab.mn  (82.118.16.253:80)

TCP (HTTP SSL):
Connects to srv87-165-240-87.vk.com  (87.240.165.87:443)

TCP (HTTP):
Connects to h1net188-64-172-90.h1host.ru  (188.64.172.90:80)
