4ecd475a-a99c-3b4a-ec25-6f11b225b1d6

SimilarWeb Ltd.

The file 4ecd475a-a99c-3b4a-ec25-6f11b225b1d6 by SimilarWeb has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer.
Publisher:
SimilarSites (signed by SimilarWeb Ltd.)

Product:
SimilarSites

Version:
0.0.0.1

MD5:
b97c16c044aed10c80ad5df90c081456

SHA-1:
aa192f482d1af4cb0629c081f9a80b0f900f25ac

SHA-256:
2883d2ff7c8a11aa89c52fbab026663b338cfacfc2bbe45e5fd252b362b302f1

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 9:40:55 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Mabezat [Wrm] | 160215-2
AVG | Win32/Mabezat | 2015.0.4530
Dr.Web | Adware.Downware.1509, Win32.HLLW.Tazebama | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Worm.Mabezat.Gen | 10.0.0.5366
ESET NOD32 | Win32/Mabezat.A virus | 7.0.302.0
F-Prot | W32/Mabezat.A-2 | 4.6.5.141
Kaspersky | Worm.Win32.Mabezat | 15.0.0.562
McAfee | Virus.W32/Mabezat.c | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.6922.0
Norman | Win32.Worm.Mabezat.Gen | 19.02.2016 10:08:15
Reason Heuristics | PUP.SimilarGroup.SimilarWeb.Installer (M) | 16.2.23.23

File size:
222.2 KB (227,575 bytes)

Product version:
0.0.0.1

Installer:
Nullsoft Scriptable Install System

Language:
Language Neutral

Common path:
C:\windows\temp\mrt\dd51b914-25c9-427c-bec8-da8bb2597585\filesstash\4ecd475a-a99c-3b4a-ec25-6f11b225b1d6

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/20/2012 12:00:00 AM

Valid to:
3/20/2013 11:59:59 PM

Subject:
CN=SimilarWeb Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SimilarWeb Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
437307139AB8798C2CF18A6B3A5CA054

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:uLk39PhYXJm45EnRjy4lY6Y5CTB3l9EbHbfSskFvZNaNPkD/lXymZQD:uQUgHRjtS6Y4B3lsvkd/aNPaheD

Entry address:
0x30CB

Entry point:
BB, 4E, 92, 70, 88, 93, E9, 20, 01, 00, 00, 00, A6, 09, 05, B1, 35, 09, 05, 11, A6, 8A, 89, 89, 09, 89, 89, 06, 89, 89, 89, E8, BA, BF, BA, B9, BA, C2, C0, BF, 89, 89, 89, FD, EA, 03, EE, EB, EA, F6, EA, B7, ED, F5, F5, 89, 89, 89, 89, E5, 89, 89, 89, CF, FB, EE, EE, D5, F2, EB, FB, EA, FB, 02, 89, CC, FB, EE, EA, FD, EE, CD, F2, FB, EE, EC, FD, F8, FB, 02, CA, 89, 89, 89, 89, D0, EE, FD, E0, F2, F7, ED, F8, 00, FC, CD, F2, FB, EE, EC, FD, F8, FB, 02, CA, 89, 89, 89, 89, D0, EE, FD, D6, F8, ED, FE, F5, EE...
 

Code size:
22.5 KB (23,040 bytes)
