» amt_webssearches.exe
Overview
Analysis
File Details

amt_webssearches.exe

233_amt

Skytouch Technology Co., Limited

The application amt_webssearches.exe by Skytouch Technology Co., Limited has been detected as adware by 12 anti-malware scanners. It is also typically executed from the user's temporary directory.

File name:

Publisher:

Wish Application (signed by Skytouch Technology Co., Limited)

Product:

233_amt

Description:

Wish Application

Version:

5.1.0.234

MD5:

22eab7c7f6d957aa2b95c17c2e96fdac

SHA-1:

7e3a6ef7195727476607705dbd22b21f239cc6c2

SHA-256:

6eade38a8982d86cae2d4f65fa063a67242ee5aa534c19af32132b8ed544b863

Scanner detections:

12 / 68

Status:

Adware

Analysis date:

4/27/2024 4:20:17 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

AVG

Skytech

2015.0.3418

Baidu Antivirus

Adware.Win32.ELEX

4.0.3.14423

Dr.Web

Adware.Mutabaha.50

9.0.1.0191

ESET NOD32

Win32/ELEX.AF (variant)

8.9705

Fortinet FortiGate

Riskware/Elex

7/10/2014

G Data

Win32.Application.SubTab

14.7.24

Malwarebytes

PUP.Optional.SkyTech.A

v2014.04.23.02

McAfee

Artemis!E371C455F13C

5600.7074

Reason Heuristics

PUP.SkytouchTechnologyCoLimited.Q

14.4.23.2

Trend Micro House Call

TROJ_GEN.F47V0422

7.2.191

VIPRE Antivirus

Trojan.Win32.Generic

29290

File size:

582.1 KB (596,120 bytes)

Product version:

5.1.0.234

Wish Application Setup 1.0

Original file name:

Wish.exe

File type:

Executable application (Win32 EXE)

Language:

English (Wielka Brytania)

Common path:

C:\users\{user}\appdata\local\temp\amt_webssearches.exe

Digital Signature

Signed by:

Skytouch Technology Co., Limited

Authority:

GlobalSign nv-sa

Valid from:

10/24/2013 7:52:17 AM

Valid to:

7/9/2014 10:29:59 AM

Subject:

CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata

Compilation timestamp:

4/21/2014 5:12:50 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:Vh5T3JUal/3Vym3qlhxS8KNQa3IqAl+r3eVl:35jJUalMm3qlhxShNDWl

Entry address:

0x2AD22

Entry point:

E8, CC, C4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 5D, E9, 00, 00, 00, 00, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 75, 11, 00, 00, 83, C4, 0C, 5D, C3, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 33, C0, 59, 8D, 7D, E4, F3, AB, 39, 45, 14, 75, 18, E8, D9, 0E, 00, 00, C7, 00, 16, 00, 00, 00, E8, DA, 91, 00, 00, 83, C8, FF, E9, 93, 00, 00, 00, 8B, 7D, 0C, 56, 8B, 75, 10, 85, F6, 74, 19, 85, FF, 75, 15, E8, B2, 0E, 00, 00, C7, 00, 16, 00, 00, 00, E8, B3, 91, 00, 00, 83, C8, FF, EB, 6E, B8, FF, FF... 
[+]

Code size:

297 KB (304,128 bytes)

Remove amt_webssearches.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.