52b6ecaad6f92fff15524951631b3a1c4f50e5b90d658e281d4945c9d1d89fd4.exe

Rational Thought Solutions

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and change the system settings that control which applications run at startup. It is part of the Injekt brand of unwanted programs. The application 52b6ecaad6f92fff15524951631b3a1c4f50e5b90d658e281d4945c9d1d89fd4.exe by Rational Thought Solutions has been detected as adware by 11 anti-malware scanners.
Publisher:
Rational Thought Solutions  (signed and verified)

MD5:
14df59488066cefec5afb656a8315cdd

SHA-1:
f980d67b5a6ed4141f68c21af89e21ba72ccbe5c

SHA-256:
52b6ecaad6f92fff15524951631b3a1c4f50e5b90d658e281d4945c9d1d89fd4

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
5/1/2024 4:13:54 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2016.0.3091 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Yontoo.68 | 9.0.1.0153 |
| K7 AntiVirus | Riskware | 13.204.16006 |
| Malwarebytes | PUP.Optional.PullUpdate.A | v2015.06.02.08 |
| Panda Antivirus | PUP/PullUpdate | 15.06.02.08 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | PUA.MSJDGBTIR.OD6 | 6.15.14.00 |
| Reason Heuristics | PUP.Injekt.RationalThoughtSolutions | 15.6.2.8 |
| Trend Micro House Call | Suspicious_GEN.F47V0523 | 7.2.153 |
| Vba32 AntiVirus | AdWare.MSIL.PullUpdate | 3.12.26.4 |

File size:
524.5 KB (537,072 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/24/2015 1:00:00 AM

Valid to:
4/25/2016 1:59:59 AM

Subject:
CN=Rational Thought Solutions, O=Rational Thought Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
00B81C1C4DB6AD87B9B581116F115E4C

File PE Metadata
Compilation timestamp:
5/21/2015 3:42:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Dgllhn3uuZLFbCatGM8q0VhnMvgAxZADkFxfxruRP3z:DenZxhMhnMX3ADuxKRP3z

Entry address:
0x429CF

Entry point:
E8, F0, D4, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, EC, 84, 47, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 60, 60, 47, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, EC, 84, 47, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00...
 

Entropy:
6.3256

Code size:
390.5 KB (399,872 bytes)