» 15 ـ محاسبة تكاليف ـ منير سالم دار النهضة العربية.exe
Overview
Analysis
File Details
Downloads (1)

15 ـ محاسبة تكاليف ـ منير سالم دار النهضة العربية.exe

eBook Workshop

Ada99.com

The application 15 ـ محاسبة تكاليف ـ منير سالم دار النهضة العربية.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download809.mediafire.com.

File name:

Publisher:

Ada99.com

Product:

eBook Workshop

Version:

1.4.0.0

MD5:

a19f2297b711411c21c19a76d1ef90d1

SHA-1:

e0fadc32f17e2c9b377d52989de68f6ad1379b31

SHA-256:

60f8d739e3528e8edb92917ef2c41afe8131f84734ef7b1cb247c87b2659b76c

Scanner detections:

13 / 68

Status:

Potentially unwanted

Explanation:

The software cotains keystroke monitoring/logging capablities which may or may not be installed without the user's knowledge.

Analysis date:

4/27/2024 1:22:40 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

2014.9-141029

Clam AntiVirus

Trojan.Adaebook

0.98/21411

Fortinet FortiGate

Riskware/AdaEbook

10/29/2014

F-Prot

W32/AdaEbook.A.gen

v6.4.7.1.166

Malwarebytes

PUP.Spyware.AdaEbook

v2014.10.29.04

McAfee

Artemis!A19F2297B711

5600.6962

Norman

Smalldoor.AUCI

11.20141029

Reason Heuristics

PUP.Ada99.r

14.10.29.16

Sophos

AdaEbook

4.98

SUPERAntiSpyware

Spyware.AdaEbook

10270

Trend Micro House Call

TROJ_GEN.R0C1B01HO14

7.2.302

VIPRE Antivirus

AdaEbook

34336

Zillya! Antivirus

Trojan.Keylogger.Win32.24029

2.0.0.1972

File size:

363 KB (371,722 bytes)

Product version:

1.4.0.0

Trademarks:

Original file name:

book.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:OS6pEDNztbRJpGEa3oYj4nfA9S+EmGG82o4GCCdKjBOmHs+8UjR1QR5KRSM:OS3NhIPYYE49Se82bBVHs+8LRU

Entry address:

0xA9001

Entry point:

60, E8, 72, 05, 00, 00, EB, 33, 87, DB, 90, 00, 40, 49, 00, 10, 40, 49, 00, D4, F4, 48, 00, 10, 50, 49, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 0A, 00, 00, 00, 40, 00, 00, 10, 09, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 60, 09, 00, BB, 3C, 39, 44, 00, 03, DD, 2B, 9D, 60, 39, 44, 00, 83, BD, 98, 47, 44, 00, 00, 89, 9D, 98, 47, 44, 00, 0F, 85, 81, 04, 00, 00, 8D, 85, A0, 47, 44, 00, 50, FF, 95, AC, 48, 44, 00, 89, 85, 9C, 47, 44, 00, 8B, F8, 8D, 9D, AD, 47, 44, 00, 53, 50, FF, 95, A8, 48, 44, 00, 89, 85... 
[+]

Entropy:

7.9759

Packer / compiler:

ASPack v2.1

Code size:

558.5 KB (571,904 bytes)

The file 15 ـ محاسبة تكاليف ـ منير سالم دار النهضة العربية.exe has been seen being distributed by the following URL.

http://download809.mediafire.com/fq7uht7pdrhg/.../15 ? ?????? ?????? ? ???? ???? ??? ?????? ???????.exe

Remove 15 ـ محاسبة تكاليف ـ منير سالم دار النهضة العربية.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.