» 2760d880a99880412391237ac4c378fb4621565e
Overview
Analysis
File Details

2760d880a99880412391237ac4c378fb4621565e

The file 2760d880a99880412391237ac4c378fb4621565e has been detected as a potentially unwanted program by 19 anti-malware scanners. It is installed within the Mozilla Firefox web browser as part of an addin/plugin.

File name:

MD5:

773d6ccc1c9d677d40cba4de7331ec09

SHA-1:

3fe80343d3af8fec9770dad4a553125e158cfc9f

SHA-256:

eb8298c6e2101c5aa223beffc7adb2d7c9871b0dbce89efc1093bfc9f55d9a66

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 6:24:47 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Hacktool.Amtso.A

6435775

Agnitum Outpost

AMTSO_PUA_TEST

7.1.1

AhnLab V3 Security

Win-PUP/Amstotest.33280

2015.01.25

avast!

Win32:AmtsoTest-A [PUP]

150102-1

AVG

Potentially harmful program SpyCar

2014.0.4253

Bitdefender

Application.Hacktool.Amtso.A

1.0.20.125

Dr.Web

AMTSO Test File PUA (Not a Virus!)

9.0.1.05190

Emsisoft Anti-Malware

Application.Hacktool.Amtso

9.0.0.4799

F-Prot

W32/TestFile

4.6.5.141

F-Secure

Riskware.Application:W32/AMTSOPUATestfile

5.13.68

G Data

Application.Hacktool.Amtso

15.1.24

K7 AntiVirus

Unwanted-Program

13.192.14746

Kaspersky

not-a-virus:RiskTool.Win32.EICAR-Test-File

15.0.0.543

Microsoft Security Essentials

Threat.Undefined

1.191.3191.0

MicroWorld eScan

Application.Hacktool.Amtso.A

16.0.0.75

Norman

Application.Hacktool.Amtso.A

03.12.2014 13:20:04

Panda Antivirus

Application/AMTSOPUPTestfile

15.01.25.02

Vba32 AntiVirus

Riskware.AMTSO-Test-PUA

3.12.26.3

Zillya! Antivirus

Backdoor.CPEX.Win32.29390

2.0.0.2044

File size:

32.9 KB (33,656 bytes)

Common path:

C:\users\{user}\appdata\local\mozilla\firefox\profiles\{user}.default\cache2\entries\2760d880a99880412391237ac4c378fb4621565e

File PE Metadata

Compilation timestamp:

4/5/2013 5:26:07 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

384:Tq5RHPNdu8uugaZoD0F9+rhQfdJkd/+vO2Dp/EDH6Nb0nuxw1mP+fXNGDvIrxsm:hN0FEheQohEDaNAnmEmANtrWm

Entry address:

0x1200

Entry point:

E8, DA, 14, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 38, 9C, 40, 00, 89, 0D, 34, 9C, 40, 00, 89, 15, 30, 9C, 40, 00, 89, 1D, 2C, 9C, 40, 00, 89, 35, 28, 9C, 40, 00, 89, 3D, 24, 9C, 40, 00, 66, 8C, 15, 50, 9C, 40, 00, 66, 8C, 0D, 44, 9C, 40, 00, 66, 8C, 1D, 20, 9C, 40, 00, 66, 8C, 05, 1C, 9C, 40, 00, 66, 8C, 25, 18, 9C, 40, 00, 66, 8C, 2D, 14, 9C, 40, 00, 9C, 8F, 05, 48, 9C, 40, 00, 8B, 45, 00, A3, 3C, 9C, 40, 00, 8B, 45, 04, A3, 40, 9C, 40, 00, 8D, 45, 08, A3, 4C, 9C, 40... 
[+]

Entropy:

5.8839

Code size:

17.5 KB (17,920 bytes)

Remove 2760d880a99880412391237ac4c378fb4621565e - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.