APSDaemon.exe

Apple Push

Apple Inc.

The executable APSDaemon.exe has been detected as malware by 12 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘APSDaemon’.
Publisher:
Apple Inc.  (signed and verified)

Product:
Apple Push

Version:
2.1.10.1

MD5:
d30d3ea2bf053cb70511629b8285331f

SHA-1:
07f70c51a7670aef2647ce69ca88d472596e8ed5

SHA-256:
7243fd2b9f8d39e02d44afede8c08c84c174bf674ab204eb2a6d656b9da4a7dc

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/26/2024 12:25:31 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Mabezat [Wrm] | 160213-1 |
| AVG | Win32/Mabezat | 2015.0.4522 |
| Dr.Web | Win32.HLLW.Tazebama | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Worm.Mabezat.Gen | 10.0.0.5366 |
| ESET NOD32 | Win32/Mabezat.A virus | 7.0.302.0 |
| F-Prot | W32/Mabezat.A-2 | 4.6.5.141 |
| F-Secure | Win32.Worm.Mabezat.Gen | 5.15.21 |
| Kaspersky | Worm.Win32.Mabezat | 15.0.0.562 |
| McAfee | Virus.W32/Mabezat.a | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.6208.0 |
| Norman | Win32.Worm.Mabezat.Gen | 08.02.2016 04:24:12 |
| Sophos | Virus 'W32/Mabezat-B' | 5.23 |

File size:
210.7 KB (215,767 bytes)

Copyright:
© 2011 Apple Inc. All rights reserved.

Original file name:
APSDaemon.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\common files\apple\apple application support\apsdaemon.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/15/2011 12:00:00 AM

Valid to:
6/25/2013 11:59:59 PM

Subject:
CN=Apple Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Apple Inc., L=Cupertino, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5FA2A6E514B187C52E1FEA5240CB04E9

File PE Metadata
Compilation timestamp:
9/15/2011 7:28:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:9Dm8vyr0ZOyyDivBxtKBeWzW83wgJwH6cpk4fbPSF4x6rMIm1pRKQLg:F/vyrOOybZT47Gg+H6cRjh/IwpRPg

Entry address:
0x43C9

Entry point:
BB, CF, 25, 03, 85, 93, E9, 20, 01, 00, 00, A6, 4C, AF, AB, 57, DB, AF, AB, 97, 16, 2F, 2F, 2F, AF, 2F, 2F, F2, 2F, 2F, 2F, 8E, 60, 65, 60, 5F, 60, 68, 66, 65, 2F, 2F, 2F, A3, 90, A9, 94, 91, 90, 9C, 90, 5D, 93, 9B, 9B, 2F, 2F, 2F, 2F, 8B, 2F, 2F, 2F, 75, A1, 94, 94, 7B, 98, 91, A1, 90, A1, A8, 2F, 72, A1, 94, 90, A3, 94, 73, 98, A1, 94, 92, A3, 9E, A1, A8, 70, 2F, 2F, 2F, 2F, 76, 94, A3, 86, 98, 9D, 93, 9E, A6, A2, 73, 98, A1, 94, 92, A3, 9E, A1, A8, 70, 2F, 2F, 2F, 2F, 76, 94, A3, 7C, 9E, 93, A4, 9B, 94...
 
Entropy:
6.9628

Code size:
20 KB (20,480 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
APSDaemon

Command:
"C:\Program Files\common files\apple\apple application support\apsdaemon.exe"

