» 0f5bba18-ebe1-d881-8a06-5faba54cc943.exe
Overview
Analysis
File Details

0f5bba18-ebe1-d881-8a06-5faba54cc943.exe

The application 0f5bba18-ebe1-d881-8a06-5faba54cc943.exe has been detected as a potentially unwanted program by 20 anti-malware scanners.

File name:

MD5:

692d6903f7407bb3a336b2f4abfa192f

SHA-1:

06e26aa3b27a35dc0532dbc89f86f769d2b497c6

SHA-256:

54f8e990eecf9fa37ea16a667e220c3c9fec0be53bea8a396b384ad9de63be13

Scanner detections:

20 / 68

Status:

Potentially unwanted

Analysis date:

5/8/2024 8:28:48 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.AddLyrics.31

707

AhnLab V3 Security

PUP/Win32.Addlyrics

2015.02.23

Avira AntiVirus

Adware/AddLyrics.478208.13

7.11.212.6

avast!

Win32:Adware-gen [Adw]

2014.9-150227

AVG

AddLyrics_r

2016.0.3185

Baidu Antivirus

Adware.Win32.AddLyrics

4.0.3.15227

Bitdefender

Gen:Variant.Adware.AddLyrics.31

1.0.20.290

Emsisoft Anti-Malware

Gen:Variant.Adware.AddLyrics.31

8.15.02.27.11

ESET NOD32

Win32/Adware.AddLyrics.DR (variant)

9.11215

Fortinet FortiGate

Riskware/AddLyrics

2/27/2015

F-Secure

Gen:Variant.Adware.AddLyrics.31

11.2015-27-02_6

G Data

Gen:Variant.Adware.AddLyrics.31

15.2.25

McAfee

Artemis!692D6903F740

5600.6841

MicroWorld eScan

Gen:Variant.Adware.AddLyrics.31

16.0.0.174

NANO AntiVirus

Riskware.Win32.AddLyrics.dnojxl

0.30.0.296

Panda Antivirus

Trj/Genetic.gen

15.02.27.11

Reason Heuristics

Threat.Win.Reputation.IMP

15.2.27.23

SUPERAntiSpyware

Adware.AddLyrics/Variant

10027

Trend Micro House Call

TROJ_GEN.R0C1B01BD15

7.2.58

VIPRE Antivirus

Trojan.Win32.Generic

37794

File size:

467 KB (478,208 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\0f5bba18-ebe1-d881-8a06-5faba54cc943.exe

File PE Metadata

Compilation timestamp:

1/29/2015 9:37:34 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:81ZRoleBWPu8qCwet2GGmnwMCzXcXLrQ+C:81lMPuEjGmnvCzM3+

Entry address:

0x24C4A

Entry point:

E8, AE, C5, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, D6, C6, 00, 00, 83, C4, 10, 5D, C3, 55, 8B, EC, 8D, 45, 10, 50, 6A, 00, FF, 75, 0C, FF, 75, 08, E8, F8, C6, 00, 00, 83, C4, 10, 5D, C3, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, DE, C6, 00, 00, 83, C4, 10, 5D, C3, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, E2, C6, 00, 00, 83, C4, 10, 5D, C3, 6A, 0C, 68, 38, C1, 45, 00, E8, E9, 26, 00, 00, 33, C0, 8B... 
[+]

Entropy:

6.4612

Code size:

307 KB (314,368 bytes)

Remove 0f5bba18-ebe1-d881-8a06-5faba54cc943.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.