4338c8f1c20b4f7ab4a6e17b6b1b9ca1.exe

The application 4338c8f1c20b4f7ab4a6e17b6b1b9ca1.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. It runs as a Windows Task Scheduler task named KTRXGIHA, triggered by a time event.
Product:
4338c8f1c20b4f7ab4a6e17b6b1b9ca1

Version:
1.0.0.145

MD5:
1f41d15ac56b8581dc49b1931f6cd443

SHA-1:
8dd8b68311c8af7e26c657d2eca62957b1111613

SHA-256:
d91bfba52f48f9eff71b75a18ed401036aefd22f558efb13aef1305cac9c4793

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 11:01:05 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Mikey.14316 | 597
AhnLab V3 Security | PUP/Win32.PicColor | 2015.06.01
avast! | Win32:Adware-gen [Adw] | 2014.9-150618
Baidu Antivirus | Adware.Win32.PicColor | 4.0.3.15618
Bitdefender | Gen:Variant.Mikey.14316 | 1.0.20.845
Emsisoft Anti-Malware | Gen:Variant.Mikey.14316 | 8.15.06.18.05
ESET NOD32 | Win32/Adware.PicColor.AB (variant) | 9.11714
F-Secure | Gen:Variant.Mikey.14316 | 11.2015-18-06_5
G Data | Gen:Variant.Mikey.14316 | 15.6.25
IKARUS anti.virus | PUA.PicColor | t3scan.1.9.2.0
Malwarebytes | PUP.Optional.JellySplit.Gen.A | v2015.06.18.05
MicroWorld eScan | Gen:Variant.Mikey.14316 | 16.0.0.507
Reason Heuristics | Threat.Win.Reputation.IMP | 15.5.27.8
SUPERAntiSpyware | PUP.JellySplit/Variant | 9807

File size:
299 KB (306,176 bytes)

Product version:
1.0.0.145

Copyright:
Copyright (C) 2014

Original file name:
4338c8f1c20b4f7ab4a6e17b6b1b9ca1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\4338c8f1c20b4f7ab4a6e17b6b1b9ca1\4338c8f1c20b4f7ab4a6e17b6b1b9ca1.exe

File PE Metadata
Compilation timestamp:
5/26/2015 1:46:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:2WchQHi2M7Zrql+vQXWrP4p79YqdSrutowcjl:BkO+vbrP4zSrutowcj

Entry address:
0x148D2

Entry point:
E8, 22, 84, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 2B, 45, 08, D1, F8, 48, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74...
 

Code size:
230.5 KB (236,032 bytes)

Scheduled Task
Task name:
KTRXGIHA

Trigger:
Time (Next runs on 27/05/2015 at 15:56)

