ap10013.exe

AP Suggestor silent installer

Think Tank Labs, LLC

The application ap10013.exe, “AP Suggestor silent installer for Internet Explorer, Mozilla Firefox and Google Chrome” by Think Tank Labs, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory.

Publisher:
APSolo LTD UK  (signed by Think Tank Labs, LLC)

Product:
AP Suggestor silent installer

Description:
AP Suggestor silent installer for Internet Explorer, Mozilla Firefox and Google Chrome

Version:
1.1.5.0

MD5:
f19818376faa0c75518723c0ca9f4bfd

SHA-1:
45624e468ff4c21d01c3a747151e9d0e3d9bc14d

SHA-256:
e2e6e80434391699b196ce1ac6cfb16c56cd98b78ef1b1375317adf1398ea736

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 1:44:56 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Searcher.2627 | 9.0.1.018
NANO AntiVirus | Trojan.Win32.Generic.dbxlbd | 0.28.2.62671
Reason Heuristics | PUP.Installer.ThinkTankLabs | 15.4.24.0

File size:
550.7 KB (563,944 bytes)

Product version:
2012.01.31.2150

Copyright:
© APSolo LTD UK

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\ap10013.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/13/2011 11:47:41 PM

Valid to:
4/11/2012 11:41:13 PM

Subject:
CN="Think Tank Labs, LLC", O="Think Tank Labs, LLC", L=Newport, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B68DF215AD36D

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:yX6h9gIArTy+K3nQlFzxloBper2YIp8ia78:yXgaIud1upo2H8iaw

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
