vkontaktedj.exe

VKontakte DJ

The executable vkontaktedj.exe has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘VkontakteDJ’. The file has been seen being downloaded from upd2.vkontakte.dj. While running, it connects to the Internet address h1net188-64-172-90.h1host.ru on port 80 using the HTTP protocol.
Product:
VKontakte DJ

Description:
VKDJ, Player

Version:
3.75.0.0

MD5:
94df5a915f9f1c0882b54f1be5c41a04

SHA-1:
fb76d095405de5cd361932e3954b87164d69a2e4

SHA-256:
45afedfc50d5beae5060e29b5b3ea518efc7c3f1e8cf32f981e47bb76967c9dd

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 8:49:49 AM UTC

Scan engine          Detection                    Engine version
Reason Heuristics    Threat.Win.Reputation.IMP    16.2.16.15

File size:
5 MB (5,193,216 bytes)

Product version:
3.75

Copyright:
Copyright (C) 2008. All rights reserved.

Original file name:
VKontakte-DJ.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\vkontaktedj\vkontaktedj.exe

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:sCpoChxTalyFbBJ3Oz4MUqek1QvFRdy8ExYfcmeuvN:sEnhxTwebBJcvrQvFXESknuV

Entry address:
0x268E38

Entry point:
55, 8B, EC, 83, C4, EC, 53, 56, 57, 33, C0, 89, 45, EC, B8, F0, 82, 66, 00, E8, 8C, EA, D9, FF, 33, C0, 55, 68, 02, 8F, 66, 00, 64, FF, 30, 64, 89, 20, E8, 9D, CE, FD, FF, 33, C0, 55, 68, AA, 8E, 66, 00, 64, FF, 30, 64, 89, 20, A1, A8, E6, 67, 00, 8B, 00, E8, BB, 8B, E0, FF, B9, 90, 1C, 68, 00, A1, A8, E6, 67, 00, 8B, 00, 8B, 15, E0, 68, 64, 00, E8, BC, 8B, E0, FF, A1, A8, E6, 67, 00, 8B, 00, E8, 30, 8C, E0, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 30, E9, 7D, B8, D9, FF, 01, 00, 00, 00, 54, 8E, 40, 00, BB...

Developed / compiled with:
Microsoft Visual C++

Code size:
2.4 MB (2,523,136 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
VkontakteDJ

Command:
C:\ProgramData\vkontaktedj\vkontaktedj.exe \h
The file vkontaktedj.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to h1net188-64-172-90.h1host.ru  (188.64.172.90:80)

TCP (HTTP):
Connects to static.228.51.243.136.clients.your-server.de  (136.243.51.228:80)

Remove vkontaktedj.exe - Powered by Reason Core Security