advanced_system_protector_2.exe

Tanja Matkovic

The application advanced_system_protector_2.exe by Tanja Matkovic has been detected as adware by 9 anti-malware scanners. It is a setup program used to install the application. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been observed being downloaded from www.clickandownload.com and multiple other hosts.
Publisher:
Tanja Matkovic  (signed and verified)

MD5:
385ba14222394dec0886b82e5ecb30e2

SHA-1:
13cf36ea100ef3fa00ccd9c04bfb62484558f7f3

SHA-256:
36fd1ad02d2e18aabb78cd5333b6b006e975ddd0f52e784f53c4ad21ed14eae7

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/26/2024 5:38:05 AM UTC

Scan engine | Detection | Engine version
Comodo Security | ApplicUnwnt | 17715
Dr.Web | Adware.Yontoo.4 | 9.0.1.043
Malwarebytes | PUP.Optional.OneClickDownloader.A | v2014.02.12.10
McAfee | Artemis!385BA1422239 | 5600.7221
Qihoo 360 Security | Win32/Virus.Adware.47b | 1.0.0.1015
Reason Heuristics | PUP.TanjaMatkovic.BB | 14.3.29.10
Sophos | 1 Click Downloader | 4.97
Trend Micro House Call | TROJ_GEN.F47V0130 | 7.2.43
VIPRE Antivirus | CoolMirage Ltd | 26052

File size:
431 KB (441,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\advanced_system_protector_2.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2013 1:00:00 AM

Valid to:
5/2/2014 12:59:59 AM

Subject:
CN=Tanja Matkovic, OU=Individual Developer, O=No Organization Affiliation, L=Subotica, S=Subotica, C=RS

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6A3131F81D52E40A00F4396C56D649C5

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:ia6fT0ukJcbnme7N5CxBkjFsPVdUEQiHfMKXO:f6fTTbnmUNDSPVbQi0Ke

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Code size:
23 KB (23,552 bytes)

The file advanced_system_protector_2.exe has been seen being distributed by the following 2 URLs.
