vkontaktedj.exe

VKontakte DJ

RECORD LLC

The application vkontaktedj.exe, published by RECORD LLC, has been detected as adware by 5 of 68 anti-malware scanners. It is a setup program used to install the VKontakte DJ application. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name 'VkontakteDJ'. The file has been seen being downloaded from upd2.vkontakte.dj and multiple other hosts. While running, it connects to h1net188-64-172-90.h1host.ru (188.64.172.90) on port 80 using plain HTTP. The file carries a valid code-signing certificate issued to RECORD LLC by COMODO; a valid signature identifies who signed the file but says nothing about whether the program is benign.
Publisher:
RECORD LLC  (signed and verified)

Product:
VKontakte DJ

Description:
VKDJ, Player

Version:
3.70.0.0

MD5:
5b5b1ffed42e0eb9c0363d27f53725b7

SHA-1:
f2bed456212205571aeedc0bf35fc7b08f821426

SHA-256:
1e2c49441808aeb8ff08dfed6420b0c379f97a0acdc2a3747fde4d4d998f7485

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
11/27/2024 9:30:42 AM UTC

Scan engine               Detection                    Engine version
AVG                       VkontakteDJ                  2016.0.3144
Dr.Web                    Adware.Downware.10568        9.0.1.099
McAfee                    Artemis!5B5B1FFED42E         5600.6800
Reason Heuristics         Threat.Win.Reputation.IMP    15.6.10.1
Trend Micro House Call    Suspicious_GEN.F47V0401      7.2.99

File size:
4.9 MB (5,161,144 bytes)

Product version:
3.70

Copyright:
Copyright (C) 2008. All rights reserved.

Original file name:
VKontakte-DJ.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
RECORD LLC
Authority:
COMODO CA Limited

Valid from:
2/17/2015 3:00:00 AM

Valid to:
2/17/2018 2:59:59 AM

Subject:
CN=RECORD LLC, O=RECORD LLC, STREET="Kolomyazhsky 33, liter A", L=Saint-Petersburg, S=Saint-Petersburg, PostalCode=197341, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
58EE01AAB8D97EDC88B98056655D1841

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM  (the fixed placeholder 0x2A425E19 written by the Borland/Delphi linker, not the real build date; treat the PE timestamp as unreliable for this file)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:f6MC+ZBDjf6XJsxgcQ5FRdSExYfcmeuvN:i2Zlj6SnQ5FqESknuV

Entry address:
0x265C58

Entry point:
55, 8B, EC, 83, C4, EC, 53, 56, 57, 33, C0, 89, 45, EC, B8, 20, 51, 66, 00, E8, 6C, 1C, DA, FF, 33, C0, 55, 68, 22, 5D, 66, 00, 64, FF, 30, 64, 89, 20, E8, A9, EC, FF, FF, 33, C0, 55, 68, CA, 5C, 66, 00, 64, FF, 30, 64, 89, 20, A1, 7C, B6, 67, 00, 8B, 00, E8, 8B, BD, E0, FF, B9, 7C, EC, 67, 00, A1, 7C, B6, 67, 00, 8B, 00, 8B, 15, 8C, C9, 62, 00, E8, 8C, BD, E0, FF, A1, 7C, B6, 67, 00, 8B, 00, E8, 00, BE, E0, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 30, E9, 5D, EA, D9, FF, 01, 00, 00, 00, 4C, 8E, 40, 00, DB...

Developed / compiled with:
Borland Delphi (inferred from linker version 2.25, the fixed 1992 compilation timestamp the Delphi linker writes, and the stack-frame prologue at the entry point; not Microsoft Visual C++)

Code size:
2.4 MB (2,510,336 bytes)
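The two PE fields that matter for the caveat above, the COFF TimeDateStamp and the optional header's linker version, are straightforward to read by hand. The following Python is an added example, not code from the page or from the vendor: it parses those fields from a PE image in memory and flags the fixed Delphi timestamp value. The sample header built by build_sample_pe() is constructed to mirror the listing (linker 2.25, timestamp 0x2A425E19, 8 sections) and is not the real file.

```python
import struct
from datetime import datetime, timezone

# Fixed TimeDateStamp emitted by Borland/Delphi linkers (1992-06-19 22:22:17 UTC).
DELPHI_FIXED_TIMESTAMP = 0x2A425E19


def pe_build_info(data: bytes) -> dict:
    """Read TimeDateStamp and linker version from a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine (u16), NumberOfSections (u16), TimeDateStamp (u32), ...
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, coff)
    # IMAGE_OPTIONAL_HEADER begins 20 bytes after the COFF header:
    # Magic (u16), MajorLinkerVersion (u8), MinorLinkerVersion (u8)
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, coff + 20)
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker": f"{linker_major}.{linker_minor}",
        "pe32_plus": magic == 0x20B,
        "delphi_fixed_timestamp": timestamp == DELPHI_FIXED_TIMESTAMP,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE header mimicking the listing above (not the real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE header right after the DOS header
    # Machine i386, 8 sections, Delphi timestamp, no symbols, 224-byte optional header, flags
    coff = struct.pack("<HHIIIHH", 0x14C, 8, DELPHI_FIXED_TIMESTAMP, 0, 0, 224, 0x818E)
    # PE32 magic, linker 2.25, remainder of the optional header zero-filled
    opt = struct.pack("<HBB", 0x10B, 2, 25) + bytes(224 - 4)
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    # With a real file: pe_build_info(open(path, "rb").read())
    print(pe_build_info(build_sample_pe()))
```

The UTC value 1992-06-19 22:22:17 is what the page displays as 6/20/1992 1:22:17 AM in its UTC+3 rendering; any binary whose stamp equals this constant should have its build date taken from elsewhere (signature timestamp, file metadata, or the installer it shipped in).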

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
VkontakteDJ

Command:
C:\vkontaktedj\vkontaktedj.exe \h


The file vkontaktedj.exe has been seen being distributed by 2 URLs; only one of them is listed here.

http://upd2.vkontakte.dj/.../updates.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to h1net188-64-172-90.h1host.ru  (188.64.172.90:80)
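The hashes, Run-key entry and network hosts on this page are the indicators a responder would check across a fleet. The script below is an added example (not code from the page or from the vendor) that turns them into three checks: hash a file and compare it against the listed digests, look for the persistence entry in text saved from `reg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`, and scan proxy log lines for the listed host and address. The registry output and log lines embedded in the block are constructed samples, not real captures, and the placeholder byte string stands in for the file (so its hashes do not match).

```python
import hashlib
import re

# Indicators copied from the listing: file hashes, Run-key name and network hosts.
KNOWN_HASHES = {
    "md5": "5b5b1ffed42e0eb9c0363d27f53725b7",
    "sha1": "f2bed456212205571aeedc0bf35fc7b08f821426",
    "sha256": "1e2c49441808aeb8ff08dfed6420b0c379f97a0acdc2a3747fde4d4d998f7485",
}
RUN_KEY_NAME = "VkontakteDJ"
# Ordered so that a single log line reports the hostname before the bare IP.
NETWORK_IOCS = ("h1net188-64-172-90.h1host.ru", "188.64.172.90", "upd2.vkontakte.dj")


def file_hashes(data: bytes) -> dict:
    """Lowercase hex MD5, SHA-1 and SHA-256 of the file contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_matches(data: bytes) -> set:
    """Algorithms whose digest of `data` equals the listed sample's digest."""
    digests = file_hashes(data)
    return {alg for alg, known in KNOWN_HASHES.items() if digests[alg] == known}


# One value line of `reg query` output: <indent><name><2+ spaces><REG_type><spaces><data>
_REG_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s+(?P<data>.*)$")


def find_run_key_entry(reg_query_output: str, name: str):
    """Return the command stored under `name` in saved reg query text, or None."""
    for line in reg_query_output.splitlines():
        m = _REG_LINE.match(line)
        if m and m.group("name").lower() == name.lower():
            return m.group("data").strip()
    return None


def network_hits(log_lines) -> list:
    """(line number, indicator) for every log line that mentions a listed host or IP."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for ioc in NETWORK_IOCS:
            if ioc in line:
                hits.append((lineno, ioc))
    return hits


def triage(data: bytes, reg_query_output: str, log_lines) -> dict:
    """Combine the three checks into one result dictionary."""
    return {
        "hash_match": bool(hash_matches(data)),
        "persistence": find_run_key_entry(reg_query_output, RUN_KEY_NAME),
        "network": network_hits(log_lines),
    }


# Constructed sample inputs (not real captures) so the script runs offline.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    VkontakteDJ    REG_SZ    C:\vkontaktedj\vkontaktedj.exe \h
"""
SAMPLE_PROXY_LOG = [
    "2024-11-27T09:30:58Z 10.0.0.15 GET http://upd2.vkontakte.dj/.../updates.exe 200",
    "2024-11-27T09:31:02Z 10.0.0.15 GET http://www.example.com/ 200",
    "2024-11-27T09:31:05Z 10.0.0.15 CONNECT 188.64.172.90:80 host=h1net188-64-172-90.h1host.ru",
]

if __name__ == "__main__":
    # A placeholder byte string stands in for the file; its hashes will not match.
    print(triage(b"placeholder bytes, not the real sample", SAMPLE_REG_QUERY, SAMPLE_PROXY_LOG))
```

A hash miss is not a clean bill of health: the vendor's own detection for this family (McAfee's Artemis name is derived from the MD5) is tied to this exact build, and a newer installer from upd2.vkontakte.dj would have different digests while keeping the same Run-key name and update host, which is why the persistence and network checks are kept separate from the hash check.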
