vuescan9.4.44x64serialrsload.netскачат.exe

Setup

Dey yazilim ve internet hizmetleri san. tic. ltd. sti.

The application vuescan9.4.44x64serialrsload.netскачат.exe, signed by Dey yazilim ve internet hizmetleri san. tic. ltd. sti., has been detected as adware by 13 of 68 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software: the file name advertises a VueScan 9.4.44 x64 serial download ("скачат" is a truncation of "скачать", Russian for "download"), while the binary itself is a generic .NET "Setup" whose version information claims Microsoft. The file has been seen being downloaded from hipershare.com and multiple other hosts. While running, it connects to 108.168.149.0 on TCP port 80 using plain HTTP; the name 108.168.149.0-static.reverse.softlayer.com is the hosting provider's generic reverse-DNS record for that address, not a domain chosen by the operator.
Publisher:
Microsoft  (claimed in the file's version information only; the Authenticode signature belongs to Dey yazilim ve internet hizmetleri san. tic. ltd. sti.). Version-resource fields are free text set by whoever built the file, so the signer, not the publisher string, is the only verifiable identity here.

Product:
Setup

Version:
1.0.0.0

MD5:
8e3eb3d1936b72a4f9cc8afc7270fee3

SHA-1:
58fed2eff2344bc13959741a90ad8f29befb19e3

SHA-256:
5d6a4616b92bc928979500ef6e6c6c5a5c1e7ad993d7cd05831753bddc9ad493

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/24/2024 1:09:02 PM UTC

Scan engine              Detection                          Engine version
Avira AntiVirus          Adware/Joedown.569048.1            7.11.200.12
AVG                      Generic                            2016.0.3236
Dr.Web                   Trojan.KillFiles.18730             9.0.1.08
ESET NOD32               MSIL/Adware.Joedown (variant)      9.10982
Fortinet FortiGate       Adware/Agent                       1/8/2015
G Data                   Win32.Application.Agent.C0VTDJ     15.1.24
IKARUS anti.virus        not-a-virus:AdWare.MSIL.Agent      t3scan.1.8.6.0
Kaspersky                not-a-virus:AdWare.MSIL.Agent      14.0.0.2673
McAfee                   Artemis!8E3EB3D1936B               5600.6892
Qihoo 360 Security       Win32/Virus.Adware.b3d             1.0.0.1015
Reason Heuristics        PUP.Installer.Amonitize            15.2.14.11
Sophos                   Generic PUA FI                     4.98
Trend Micro House Call   Suspicious_GEN.F47V0107            7.2.8

Reading the names: McAfee's Artemis!8E3EB3D1936B is a hash-reputation verdict keyed on the first 12 hex digits of the MD5 above, and Avira's Joedown.569048.1 embeds the file size (569,048 bytes); neither describes behaviour. The MSIL prefixes from ESET, IKARUS and Kaspersky confirm a .NET assembly. Only Dr.Web's Trojan.KillFiles.18730 is a trojan-class name rather than an adware/PUA classification.

File size:
555.7 KB (569,048 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2014

Trademarks:
Microsoft

Original file name:
SetupFull.exe

File type:
Executable application (Win32 EXE; a .NET/MSIL assembly, consistent with the CLR dependency below and the MSIL detection names above)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/12/2014 2:00:00 AM

Valid to:
3/13/2015 1:59:59 AM  (the 1/7/2015 compilation timestamp falls inside this window; after expiry the signature still verifies only if it carries a trusted timestamp countersignature from within the window, which this report does not indicate either way)

Subject:
CN=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., O=Dey yazilim ve internet hizmetleri san. tic. ltd. sti., STREET=kuloglu mah alyon gecidi sok, STREET=beyoglu, L=istanbul, S=istanbul, PostalCode=34433, C=TR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD3AA42CD883A6D47CC56CDA9837EB85

File PE Metadata
Compilation timestamp:
1/7/2015 2:48:28 PM

OS version:
4.0

OS bitness:
Win32  (PE32 header. For a .NET assembly this does not settle bitness: an AnyCPU build carries a PE32 header yet runs as a 64-bit process on x64 Windows, so the "x64" in the file name can neither be confirmed nor refuted from this field.)

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:2S/J1s0ldUmx/bLbYnwch3SoMGsgL7GZOsLa30hTb9MGsgL7G2:2S/J1sGdUmx/bwnwcco/nGZY09R/nG2

Entry address:
0x62F3E

Entry point:
FF, 25, 00, 20, 40, 00, followed by zero padding. This is jmp dword ptr [0x402000]: assuming the default 0x400000 image base, that is the import-table slot for mscoree!_CorExeMain, the standard native stub of a .NET executable. The managed entry point is given by the CLR header's entry-point token, not by this instruction, so disassembling from here shows nothing of the installer's logic.

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
388 KB (397,312 bytes)
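The header facts listed above (PE32 rather than PE32+, a CLR data directory, the FF 25 stub at the entry point, the presence of a signature blob) and the hash comparison can all be checked offline without running the sample. The following Python is an added example, not code from the report's publisher; it uses only the standard library and builds a constructed minimal PE32 image that mimics the report's header values (it is not the real sample and cannot execute). Offsets follow the PE/COFF specification; the hash constants are the ones listed in this report.

```python
"""Offline PE triage: bitness, .NET CLR header, entry-point stub, Authenticode
blob presence, and hash comparison against a scan report.  Stdlib only."""
import hashlib
import struct

DIR_SECURITY, DIR_CLR = 4, 14          # data-directory indexes: signature blob, CLR header

REPORTED_HASHES = {                     # values as listed in the report above
    "md5": "8e3eb3d1936b72a4f9cc8afc7270fee3",
    "sha1": "58fed2eff2344bc13959741a90ad8f29befb19e3",
    "sha256": "5d6a4616b92bc928979500ef6e6c6c5a5c1e7ad993d7cd05831753bddc9ad493",
}

def _u16(b, o): return struct.unpack_from("<H", b, o)[0]
def _u32(b, o): return struct.unpack_from("<I", b, o)[0]

def rva_to_offset(sections, rva):
    """Map an RVA to a file offset via the section table (va, vsize, raw, rawsize)."""
    for va, vsize, raw, rawsize in sections:
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + raw
    return None

def triage_pe(data):
    """Parse just enough of the PE headers to answer the report's questions."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = _u32(data, 0x3C)
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff, opt = pe + 4, pe + 24
    nsec, opt_size = _u16(data, coff + 2), _u16(data, coff + 16)
    pe32plus = _u16(data, opt) == 0x20B
    if pe32plus:                        # PE32+: 8-byte ImageBase, directories at +112
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        dirs = opt + 112
    else:                               # PE32: 4-byte ImageBase, directories at +96
        image_base = _u32(data, opt + 28)
        dirs = opt + 96
    entry_rva = _u32(data, opt + 16)
    sh = opt + opt_size
    sections = [(_u32(data, o + 12), _u32(data, o + 8), _u32(data, o + 20), _u32(data, o + 16))
                for o in range(sh, sh + 40 * nsec, 40)]
    clr_rva = _u32(data, dirs + 8 * DIR_CLR)
    sec_size = _u32(data, dirs + 8 * DIR_SECURITY + 4)
    ep_off = rva_to_offset(sections, entry_rva)
    stub = data[ep_off:ep_off + 6] if ep_off is not None else b""
    # A .NET EXE's native entry point is the 6-byte stub `jmp dword ptr [IAT slot]`
    # (FF 25 <absolute address>) that lands on mscoree!_CorExeMain; the managed
    # code starts at the CLR header's entry-point token instead.
    target = None
    if not pe32plus and stub[:2] == b"\xff\x25":
        target = _u32(stub, 2) - image_base
    return {
        "pe32plus": pe32plus,
        "timestamp": _u32(data, coff + 4),
        "linker": (data[opt + 2], data[opt + 3]),
        "os_version": (_u16(data, opt + 40), _u16(data, opt + 42)),
        "subsystem": _u16(data, opt + 68),          # 2 = Windows GUI
        "dotnet": clr_rva != 0,
        "authenticode_blob": sec_size != 0,         # blob present; validity needs a verifier
        "entry_rva": entry_rva,
        "entry_bytes": stub.hex(),
        "entry_jmp_target_rva": target,
    }

def hashes(data):
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def matches_report(data, reported):
    """True per algorithm when the computed digest equals the report's value."""
    got = hashes(data)
    return {n: got[n] == v.lower() for n, v in reported.items()}

def build_sample_pe():
    """Constructed minimal PE32 image carrying the report's header facts (linker 8.0,
    OS 4.0, GUI subsystem, CLR directory set, entry bytes FF 25 00 20 40 00,
    timestamp 1/7/2015 14:48:28 UTC).  NOT the real sample; it only feeds the parser."""
    image_base, text_rva, text_raw, text_size = 0x400000, 0x2000, 0x200, 0x200
    entry_rva = text_rva + 0x100
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x54AD473C, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 8, 0, text_size, 0, 0,
                      entry_rva, text_rva, text_rva + text_size)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", image_base, 0x2000, 0x200,
                       4, 0, 0, 0, 4, 0, 0, 0x4000, 0x200, 0, 2, 0x8540,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[DIR_SECURITY] = (0x400, 0x200)     # pretend signature blob appended at EOF
    dirs[DIR_CLR] = (text_rva + 0x8, 0x48)  # CLR header lives in .text
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".text", text_size, text_rva, text_size,
                       text_raw, 0, 0, 0, 0, 0x60000020)
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + sect
    text = bytearray(text_size)
    text[0x100:0x106] = b"\xff\x25\x00\x20\x40\x00"   # jmp dword ptr [0x402000]
    return hdr.ljust(text_raw, b"\0") + bytes(text) + b"\0" * 0x200

if __name__ == "__main__":
    sample = build_sample_pe()
    print(triage_pe(sample))
    print(matches_report(sample, REPORTED_HASHES))   # all False: not the real file
```

On the real file, replace build_sample_pe() with open(path, "rb").read(); matches_report then confirms you hold the exact bytes the report scanned before any other conclusion is drawn. Note that authenticode_blob only says a PKCS#7 blob is attached; whether it verifies, and for which subject, needs a proper verifier (signtool on Windows, or osslsigncode).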

The file vuescan9.4.44x64serialrsload.netскачат.exe has been seen being distributed by 2 URLs (not reproduced in this report; hipershare.com is named above as one of the hosts).

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 108.168.149.0-static.reverse.softlayer.com  (108.168.149.0:80)

The IP, not the hostname, is the usable indicator: 108.168.149.0 is the first address of a SoftLayer (IBM Cloud) block, and the ".0-static.reverse.softlayer.com" name is the provider's auto-generated PTR record, so the same name pattern covers every address in that range and the binary may well connect by bare IP. Because the traffic is plain HTTP on port 80, a proxy or sandbox capture will show the full request (path, query string, User-Agent) and is the place to look for the installer's check-in parameters.
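Turning the indicator into a log check, as an added example (not tooling from the report's publisher): the script below matches constructed Squid-style proxy lines against the reported destination. Keying on the IP catches a connection whether the URL names the bare address or the PTR name; matching only the reverse-DNS string misses the former. The /24 is an assumption used purely for context, since a shared hosting block is not an indicator by itself.

```python
"""Match proxy log lines against the network indicator from the report."""
import ipaddress
import urllib.parse

IOC_IP = ipaddress.ip_address("108.168.149.0")           # from the report
IOC_NET = ipaddress.ip_network("108.168.149.0/24")        # assumption: context only
IOC_PTR = "108.168.149.0-static.reverse.softlayer.com"    # provider's generic PTR name

# Constructed sample lines in Squid native access.log format (not real traffic):
# ts elapsed client code/status bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1420644508.101  312 10.0.0.15 TCP_MISS/200 1423 GET http://108.168.149.0/check?v=1.0.0.0 - HIER_DIRECT/108.168.149.0 text/html
1420644510.204   88 10.0.0.15 TCP_MISS/200 512 GET http://108.168.149.0-static.reverse.softlayer.com/ - HIER_DIRECT/108.168.149.0 text/html
1420644511.007  120 10.0.0.22 TCP_MISS/200 2048 GET http://108.168.149.77/ - HIER_DIRECT/108.168.149.77 text/html
1420644512.310   60 10.0.0.23 TCP_MISS/200 300 GET http://example.org/ - HIER_DIRECT/93.184.216.34 text/html
"""

def parse_squid_line(line):
    """Return the fields we need from one Squid native log line, or None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[8]:
        return None
    return {"ts": f[0], "client": f[2], "url": f[6], "dst": f[8].split("/", 1)[1]}

def hostname_match(rec):
    """The weak check: does the URL's host equal the reverse-DNS name from the report?"""
    return (urllib.parse.urlsplit(rec["url"]).hostname or "") == IOC_PTR

def classify(rec):
    """The useful check: compare the actual destination IP, not the name."""
    try:
        dst = ipaddress.ip_address(rec["dst"])
    except ValueError:
        return None
    if dst == IOC_IP:
        return "ioc_match"        # exact address from the report
    if dst in IOC_NET:
        return "same_block"       # same provider /24; context, not a verdict
    return None

def scan(log_text):
    """Return (client, verdict, url) for every line that touches the indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_squid_line(line)
        if rec is None:
            continue
        verdict = classify(rec)
        if verdict:
            hits.append((rec["client"], verdict, rec["url"]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Running it on the sample shows two ioc_match lines from 10.0.0.15 (one by bare IP, one by PTR name) and a same_block line from 10.0.0.22 for a neighbouring address; hostname_match alone would have flagged only the second of the two real hits.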