vkontaktedjd.exe

Vkontakte DJ Installer

The application vkontaktedjd.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from www.besplatnoprogrammy.ru. While running, it connects to the Internet address ip-static-94-242-221-153.server.lu on port 80 using the HTTP protocol.

Product:
Vkontakte DJ Installer

Version:
1.9.1.16

MD5:
7b66a4433092e1e2da082df26645d745

SHA-1:
f5714a3bae514d5094a3a3d1515d5ba12106bcea

SHA-256:
2fb65e916e867cd25e4e1a1389fce738fa4150a3cd96775dfc5386ac5d300227

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 3:55:45 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 2014.9-151202
Dr.Web | Program.VKontakteDJ.6 | 9.0.1.0336
VIPRE Antivirus | Trojan.Win32.Generic | 44840

File size:
562.5 KB (576,000 bytes)

Product version:
1.9.1.16

Copyright:
Copyright © 2015

Original file name:
DjLoader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\vkontaktedjd.exe

File PE Metadata
Compilation timestamp:
9/4/2015 3:50:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:c9IeBtF44P7qsKQ0jnAt4BknkA3F2nurBtFC:PeJ44DBKQ0jnpBknk62OJC

Entry address:
0x6AAAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
419 KB (429,056 bytes)

The file vkontaktedjd.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-static-94-242-221-153.server.lu (94.242.221.153:80)