home

aa_v3.exe

Ammyy Admin

Ammyy

The executable aa_v3.exe by Ammyy has been known to be a potentially unwanted program that has been detected by 13 anti-malware scanners. This is a setup program which is used to install the application. Additionally, the file is typically installed by a number of programs including Strelitzia by Florisoft Ltd and Toolwiz Care by ToolWiz. The file has been seen being downloaded from info.stickoinfo.com and multiple other hosts.
Publisher:
Ammyy LLC  (signed by Ammyy)

Product:
Ammyy Admin

Version:
3.4

MD5:
190785b2bb664324334c1b5231b5c4b0

SHA-1:
07539abb2623fe24b9a05e240f675fa2d15268cb

SHA-256:
4731517b198414342891553881913565819509086b8154214462788c740b34c9

Scanner detections:
13 / 68

Status:
Clean  (13 false positive detections)

False Positives:
A number of engines detected this file but were erroneous detections (false positives).

Analysis date:
4/18/2024 6:57:48 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.RemoteAdmin
7.1.1

Dr.Web
Program.RemoteAdmin.701
9.0.1.0276

ESET NOD32
Win32/RemoteAdmin.Ammyy (variant)
8.10047

Fortinet FortiGate
Riskware/Ammyy
10/3/2014

Kaspersky
not-a-virus:RemoteAdmin.Win32.Ammyy
14.0.0.3158

McAfee
Artemis!5616D57C2DA8
5600.6989

NANO AntiVirus
Riskware.Win32.RemoteAdmin.dbfbaj
0.28.0.60577

Panda Antivirus
Trj/Chgt.A
14.10.03.11

Qihoo 360 Security
Win32/Virus.RemoteAdmin.6e7
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.10.3.11

Sophos
Generic PUA CD
4.98

Trend Micro House Call
Suspicious_GEN.F47V0627
7.2.276

VIPRE Antivirus
Remote-Access.Win32.Ammyy
30960

File size:
726.3 KB (743,704 bytes)

Product version:
3.4

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Ammyy

Authority:
VeriSign, Inc.

Valid from:
1/14/2014 2:00:00 AM

Valid to:
1/15/2015 1:59:59 AM

Subject:
CN=Ammyy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ammyy, L=Москва, S=Москва, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
52C9E020C4D675A668E1DDEB0EF1167B

File PE Metadata
Compilation timestamp:
1/14/2014 10:25:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8YdNctvsfu2LVBfKf057C9lRt3i5olGJsxhzagH:HdNikfu2hBfK8ilRty5olGJsxNH

Entry address:
0x79AFE

Entry point:
55, 8B, EC, 6A, FF, 68, 00, 47, 48, 00, 68, A0, 9C, 47, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, A0, 03, 48, 00, 59, 83, 0D, E0, FD, 4A, 00, FF, 83, 0D, E4, FD, 4A, 00, FF, FF, 15, A4, 03, 48, 00, 8B, 0D, C8, FD, 4A, 00, 89, 08, FF, 15, A8, 03, 48, 00, 8B, 0D, C4, FD, 4A, 00, 89, 08, A1, AC, 03, 48, 00, 8B, 00, A3, DC, FD, 4A, 00, E8, A7, A0, FA, FF, 39, 1D, F0, 86, 4A, 00, 75, 0C, 68, CA, 9C, 47, 00, FF, 15, B0, 03...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
508 KB (520,192 bytes)

Windows Firewall Allowed Program
Name:
D:\download\AA_v3.exe


The file aa_v3.exe has been discovered within the following programs.

Strelitzia  by Florisoft Ltd
www.florisoft.co.uk
About 9% of users remove it
Toolwiz Care  by ToolWiz
Publisher's description - “ToolWiz Care is a set of free-of-charge tools designed to speed up your PC and give your system a full range of care.”
www.Toolwiz.com
4% remove it
 
Powered by Should I Remove It?

The file aa_v3.exe has been seen being distributed by the following 50 URLs.

http://info.stickoinfo.com/.../stickoinfo.exe

http://corpnet.com.br/suporte4.exe

http://downloads.jhpolice.gov.in/sites/default/files/.../AA_v3.4.exe

http://gerenciador.nzs.com.br/nocache/programas/urls/iron/.../ammyy-admin-2-91-4102682.exe

http://192.185.222.9/.../file_download2.php?pr=DMAmmyy

http://www.modestodistribuidora.com.br/download_modesto//ACESSO REMOTO MODESTO.exe

http://copysistem.com.br/upload/.../ammyy-admin.exe

https://box.network7.eu/owncloud/index.php/s/.../download

http://static.sicdigital.com.br/.../AA_v3.exe

https://wetransfer-us1.s3.amazonaws.com/63f1a810436f9339e8115b845e8e111920151217191251?response-content-disposition=attachment; foo=bar; filename="AA_v3.exe"; filename*=UTF-8''AA_v3.exe&AWSAccessKeyId=AKIAIQ6E6WYDY7EA2ZIQ&Expires=1450446532&Signature=zRjrTIToQPXTxXL5ZUXoT5xPJrM=

http://www.pomagam.it/.../ammyy.exe

http://www.sciceuta.es/soportet.exe

http://www.hotlib.com/20067/.../AA_v3.exe

http://www.prestosoft-jo.com/Prestosoft_Support.exe

http://www.heytec.com.br/.../remoto.exe

http://www.solor.ca/.../solor_a.exe

http://megasystem.es/.../AA_v3.exe

http://www.eduardoescudero.com/?wpdmact=process&did=Mi5ob3RsaW5r

https://mega.nz/persistent/.../FhlAgJqB

http://www.ex.ua/.../93208691

http://www.tools.daxxi.com.br/UTIL/.../AA_v3.4.exe

ftp://archivos.conafe.gob.mx/CONAFE/Oficinas Centrales/DP/Subdirección de Informatica/Depto de Redes y Comunicaciones/.../AA_v3.exe

http://www.datamais.com.br/.../DMAmmyy.exe

http://www.marxinfo.com.br/.../AA_v3.4.exe

http://www.sealweb.it/AreaPubblica/.../AA_v3.exe

http://www.encode.es/.../remoto.exe

http://www.sistemasdixitais.es/.../soportetv.exe

https://onedrive.live.com/download.aspx?cid=C5389F68A75C48C0&authKey=!APMn1ClgpRFse1M&resid=C5389F68A75C48C0!536&ithint=.exe

https://www.capitalfocus.in/assets/.../AA_v3.4.exe

ftp://81.6.137.254/AA_v3.4.exe

Latest 30 of 96 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.