home

AnyProtect.exe

AnyProtect

AnyProtect.com

The application AnyProtect.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler named APSnotifierPP1 triggered by a time event. The file has been seen being downloaded from 113.171.224.246 and multiple other hosts.
Publisher:
AnyProtect.com

Product:
AnyProtect

Version:
1,0,0,4

MD5:
2691439fac40f46c937bb684a3ae2e0f

SHA-1:
9abbaf453246d0c43d62e3a372f40807fb500bcd

SHA-256:
17bc4479b95d557c3150e3486ad3de2f3309e4ec9fc9a649638cc5d31783278d

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:59:39 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.PCA
701

Agnitum Outpost
Trojan.BPlug
7.1.1

AhnLab V3 Security
PUP/Win32.AnyProtect
2015.03.06

AVG
Adware Generic_r
2016.0.3179

Bitdefender
Adware.Agent.PCA
1.0.20.320

Clam AntiVirus
Win.Adware.Ramnit-10
0.98/20526

Dr.Web
Adware.ClickMeIn.1494
9.0.1.0158

Emsisoft Anti-Malware
Adware.Agent.PCA
8.15.03.05.04

ESET NOD32
Win32/AnyProtect.H potentially unwanted application
7.0.302.0

F-Secure
Adware.Agent.PCA
11.2015-05-03_5

G Data
Adware.Agent.PCA
15.3.25

herdProtect (fuzzy)
variant of trz7014.tmp
2015.6.12.9

K7 AntiVirus
Riskware
13.200.15176

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.1921

MicroWorld eScan
Adware.Agent.PCA
16.0.0.192

Norman
Adware.Agent.PCA
11.20150607

nProtect
Adware.Agent.PCA
15.05.29.01

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Optional.Task
15.3.5.16

Sophos
PUA 'AnyProtect'
5.14

VIPRE Antivirus
Threat.4150696
40830

File size:
6.1 MB (6,434,816 bytes)

Product version:
1,0,0,4

Copyright:
Copyright 2013. All rights reserved.

Original file name:
AnyProtect.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\anyprotectex\anyprotect.exe

File PE Metadata
Compilation timestamp:
3/5/2015 8:15:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:PijTW3uY7Cnp5FiB52h3mkcXrjJt+VWiPj1:PijK3B7/BQ4kSjZy

Entry address:
0x185BCD

Entry point:
E8, 98, 98, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 70, 71, 68, 00, 75, 02, F3, C3, E9, 1F, 99, 00, 00, 8B, C1, 83, 60, 04, 00, C7, 00, 98, 65, 63, 00, C6, 40, 08, 00, C3, 8B, 41, 04, 85, C0, 75, 05, B8, A0, 65, 63, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 57, 8B, F9, 74, 2D, 56, FF, 75, 08, E8, 85, 5D, 00, 00, 8D, 70, 01, 56, E8, A9, 2D, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 11, FF, 75, 08, 56, 50, E8, D4, 99, 00, 00, 83, C4, 0C, C6, 47, 08, 01, 5E, 5F, 5D, C2, 04, 00, 8B, FF, 56, 8B, F1, 80, 7E, 08, 00...
 
[+]

Code size:
2.1 MB (2,156,032 bytes)

Scheduled Task
Task name:
APSnotifierPP1

Trigger:
Time

Description:
Performs maintenance tasks for the APS subsystem


The file AnyProtect.exe has been seen being distributed by the following 5 URLs.

http://113.171.224.246/.../AnyProtect.exe

http://113.171.224.178/.../AnyProtect.exe

http://113.171.224.175/.../AnyProtect.exe

http://113.171.224.211/.../AnyProtect.exe

http://www.anyprotect.com/ui/.../AnyProtect.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-174-129-201-100.compute-1.amazonaws.com  (174.129.201.100:80)

TCP (HTTP):
Connects to ec2-23-21-192-168.compute-1.amazonaws.com  (23.21.192.168:80)

TCP (HTTP):
Connects to ec2-107-21-92-72.compute-1.amazonaws.com  (107.21.92.72:80)

TCP (HTTP):
Connects to ec2-107-21-122-166.compute-1.amazonaws.com  (107.21.122.166:80)

TCP (HTTP):
Connects to ec2-54-243-78-255.compute-1.amazonaws.com  (54.243.78.255:80)

TCP (HTTP):
Connects to ec2-54-221-242-52.compute-1.amazonaws.com  (54.221.242.52:80)

TCP (HTTP):
Connects to 208.43.241.178-static.reverse.softlayer.com  (208.43.241.178:80)

TCP (HTTP):
Connects to 198.105.215.132.static.midphase.com  (198.105.215.132:80)

Remove AnyProtect.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.