home

activehome.exe

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from files.buyitsellit.com and multiple other hosts.
MD5:
2185b2a898535bcd6102bb24b76a6bd4

SHA-1:
54cd582394aa4e7e6853df492ed3c2f24f4833e3

SHA-256:
ce20b950540307893c690dad9dc8d6e17e0c137b2ef235d4ce77feb50bec118e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 11:57:58 AM UTC  (today)

File size:
3.4 MB (3,615,285 bytes)

File type:
Executable application (Win64 EXE)

Language:
English (United States)

File PE Metadata
OS version:
78.11639

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
2.0

CTPH (ssdeep):
49152:BQ+5ti6zSEn3sD7I+ebRJ12MTDqgqi3JTcRvXjAYp9CI0wpIUQorDKX1QG1mtrBo:BQ+a1E3kCJPqg5ZyXjA/I/6PorCQJtuT

Entry address:
0xB400AE

Entropy:
7.9984  (probably packed)

Code size:
192 KB (196,610 bytes)

Scheduled Task
Task name:
{3AB0A81A-3FC6-41E5-9359-EC0EA8A53392}

Trigger:
Registration (Runs on registration)


The file activehome.exe has been seen being distributed by the following 3 URLs.

http://files.buyitsellit.com/.../CM11A_ActiveHome_Setup_primary.exe

ftp://ftp.x10.com/pub/applications/.../ahsetup.exe

http://www.authinx.com/.../activehome.exe

Scan activehome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.