aa_v3.exe

Ammyy Admin

Ammyy

The application aa_v3.exe by Ammyy has been detected as adware by 16 anti-malware scanners.
Publisher:
Ammyy LLC  (signed by Ammyy)

Product:
Ammyy Admin

Version:
3.0

MD5:
7057a9b1a27bb3366f2ca7627d70ee63

SHA-1:
13ae45673b0f8efe5a2b7c7e9907aca6650a9705

SHA-256:
9d5d71e566117758857d38cfa63c375c55c3674205f77cc4354d0c8ee3e942c1

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
4/25/2024 8:03:52 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.RemoteAdmin
7.1.1

AhnLab V3 Security
PUP/Win32.RemoteAdmin
2014.08.19

Avira AntiVirus
SPR/RemoteAdmin.AB
7.11.124.22

avast!
Win32:PUP-gen [PUP]
2014.9-160119

Bkav FE
W32.Clod820.Trojan
1.3.0.4613

Clam AntiVirus
Win.Trojan.Katusha-369
0.98/19879

Comodo Security
UnclassifiedMalware
19241

Dr.Web
Program.RemoteAdmin.701
9.0.1.019

ESET NOD32
Win32/RemoteAdmin.Ammyy (variant)
10.9252

K7 AntiVirus
Unwanted-Program
13.174.10644

Kaspersky
not-a-virus:RemoteAdmin.Win32.Agent
14.0.0.793

NANO AntiVirus
Trojan.Win32.RemoteAdmin.cqwpdg
0.28.0.57473

nProtect
Trojan/W32.Agent.730960
13.12.26.02

Reason Heuristics
PUP.Ammyy (M)
16.1.19.7

Rising Antivirus
PE:Malware.Ammyy!6.854
23.00.65.16117

VIPRE Antivirus
Trojan.Win32.Generic
25192

File size:
713.8 KB (730,960 bytes)

Product version:
3.0

Original file name:
AMMYY_Admin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/4/2011 5:30:00 AM

Valid to:
11/4/2012 5:29:59 AM

Subject:
CN=Ammyy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ammyy, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5F442BEEED4174761DED2A9AEF47DE90

File PE Metadata
Compilation timestamp:
9/5/2012 3:07:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:pVr29UGEg6VUM5oAL1jq3E2jj0NOjAqHKtCessZWjya7VM1en9Nm1RtNeCVao2Vp:LUbj4qwCessA41Rt0CVMVZtxP

Entry address:
0x771FE

Entry point:
55, 8B, EC, 6A, FF, 68, B0, 28, 48, 00, 68, A0, 73, 47, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, F0, E4, 47, 00, 59, 83, 0D, D0, D4, 4A, 00, FF, 83, 0D, D4, D4, 4A, 00, FF, FF, 15, EC, E4, 47, 00, 8B, 0D, B8, D4, 4A, 00, 89, 08, FF, 15, E8, E4, 47, 00, 8B, 0D, B4, D4, 4A, 00, 89, 08, A1, E4, E4, 47, 00, 8B, 00, A3, CC, D4, 4A, 00, E8, 62, 1E, FA, FF, 39, 1D, 10, 5E, 4A, 00, 75, 0C, 68, CA, 73, 47, 00, FF, 15, E0, E4...
 
[+]

Entropy:
6.6099

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
500 KB (512,000 bytes)

Remove aa_v3.exe - Powered by Reason Core Security