» 54299.malware
Overview
Analysis
File Details

54299.malware

signkey

JAMIcommunication

The file 54299.malware by JAMIcommunication has been detected as a potentially unwanted program by 16 anti-malware scanners.

File name:

54299.malware

Publisher:

(주) 이연 커뮤니케이션 (signed by JAMIcommunication)

Product:

signkey

Version:

1.0.0.0

MD5:

d7ffc80a188d87053b7bfb3589559419

SHA-1:

6c0ad0a8b01d66d87df9b45567494f8622370a57

SHA-256:

f622f2b620c1d52f4602fa1d63bba606039d4f043cc0d477a25954b10475b977

Scanner detections:

16 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 7:51:18 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.SignKey

2013.12.06

Avira AntiVirus

Adware/Adware.BCF.23

7.11.118.10

avast!

Win32:Adware-BCF [Adw]

2014.9-141028

Comodo Security

ApplicUnwnt

17393

ESET NOD32

Win32/Adware.Kraddare.HH (variant)

8.9137

Fortinet FortiGate

W32/Badur.FPYN!tr

10/28/2014

G Data

Win32.Trojan.Agent.YGK7PD

14.10.22

IKARUS anti.virus

Trojan-Spy.Win32.Banker.JU

t3scan.2.2.29

K7 AntiVirus

Adware

13.174.10426

Kaspersky

Trojan.Win32.Badur

14.0.0.3034

Malwarebytes

Adware.Korad

v2014.10.28.03

McAfee

Artemis!D7FFC80A188D

5600.6964

Panda Antivirus

Suspicious file

14.10.28.03

Reason Heuristics

PUP.JAMIcommunication.M

14.10.28.3

Sophos

Generic PUA GM

4.95

Trend Micro House Call

TROJ_GEN.F47V1128

7.2.301

File size:

962.6 KB (985,680 bytes)

Product version:

1.0.0.0

Original file name:

e_signkey.exe

Digital Signature

Signed by:

JAMIcommunication

Authority:

Thawte, Inc.

Valid from:

11/29/2012 9:00:00 AM

Valid to:

12/30/2013 8:59:59 AM

Subject:

CN=JAMIcommunication, OU=Dev Team, O=JAMIcommunication, L=Seoul, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

6526C78972B32CB7FABDEF824A16B2ED

File PE Metadata

Compilation timestamp:

6/20/1992 7:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:yLiSULNr8+ZbzZs4SV4iigIk/X4uJ9IkFMXVqFGib4u5:UiFNr8+ZbzZTQIJuJ9I8MXMAu5

Entry address:

0x295D30

Entry point:

60, BE, 00, B0, 5A, 00, 8D, BE, 00, 60, E5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11... 
[+]

Entropy:

7.9212

Packer / compiler:

UPX 2.90LZMA

Code size:

940 KB (962,560 bytes)

Remove 54299.malware - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.