advnm.exe

EduIQ.com Damjan Kriznik s.p.

This is a setup program which is used to install the application. The file has been seen being downloaded from www.eduiq.com.
Publisher:
EduIQ.com Damjan Kriznik s.p.  (signed and verified)

MD5:
58780700703fdb73fc20ec805bca088b

SHA-1:
44ded4d6c51f0310080ba1b868a1678f8a79158f

SHA-256:
8cfae911924f98f2ab8d3124dca9208886aabf662c1a078ac380918f489dd3b2

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/24/2024 3:05:44 AM UTC  (today)

Scan engine | Detection | Engine version
Trend Micro House Call | TROJ_GEN.F47V0918 | 7.2.50

File size:
13.4 MB (14,076,160 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\advnm.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/7/2012 3:00:00 AM

Valid to:
8/8/2014 2:59:59 AM

Subject:
CN=EduIQ.com Damjan Kriznik s.p., O=EduIQ.com Damjan Kriznik s.p., STREET=Slovenja vas 2D, L=HAJDINA, S=SLOVENIA, PostalCode=2288, C=SI

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C6910D557A2D6EB49458799D35EABFAC

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:boCCtSLIZS7D+ApRt+aFvJMVtUxJH/bFGtD:ICIZS7DHjHFxMVmr/bwJ

Entry address:
0x6A3A0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 78, A1, 46, 00, E8, 0C, BC, F9, FF, A1, 8C, C9, 46, 00, 8B, 00, E8, F8, 9C, FE, FF, A1, 8C, C9, 46, 00, 8B, 00, BA, 00, A4, 46, 00, E8, F7, 98, FE, FF, 8B, 0D, 20, C9, 46, 00, A1, 8C, C9, 46, 00, 8B, 00, 8B, 15, A4, 96, 46, 00, E8, E7, 9C, FE, FF, A1, 8C, C9, 46, 00, 8B, 00, E8, 5B, 9D, FE, FF, E8, BE, 9A, F9, FF, 00, 00, FF, FF, FF, FF, 05, 00, 00, 00, 53, 65, 74, 75, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9862  (probably packed)

Code size:
421.5 KB (431,616 bytes)

The file advnm.exe has been seen being distributed by the following URL.
