arabseed.com.msr7.masr.e0_10924_i129829105_il345.exe

doPDF 8

AITI Strim CONSULTING, TOV

The application arabseed.com.msr7.masr.e0_10924_i129829105_il345.exe by AITI Strim CONSULTING, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Softland  (signed by AITI Strim CONSULTING, TOV)

Product:
doPDF 8

Version:
8.5.937

MD5:
0ad0f10ad32a89aec550f079038b2852

SHA-1:
3392bebd93d6c8cb3374e00e1e0d6783b7b0691b

SHA-256:
e3421a8e7383b4d854639eb954d8432ad08cfa10139a2c1a24820cc28904455a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 4:21:16 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.AITIStri (M)

Engine version:
16.5.27.2

File size:
2.4 MB (2,549,880 bytes)

Product version:
8.5.937

Copyright:
Copyright (c) Softland. All rights reserved.

Original file name:
novapdf.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\arabseed.com.msr7.masr.e0_10924_i129829105_il345.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/11/2016 2:00:00 AM

Valid to:
1/11/2017 1:59:59 AM

Subject:
CN="AITI Strim CONSULTING, TOV", OU=IT, O="AITI Strim CONSULTING, TOV", STREET="Bud. 53-55, vul.Pochainynska", L=Kyyiv, S=Kyyiv, PostalCode=04080, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5A7A1CB365BD8EA3567456D3B8166630

File PE Metadata
Compilation timestamp:
1/26/2016 12:32:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:zbkzDk7FJiFnrkDIorasw4cPKd8BQe/Dv/pKKw34Nt/VIl2:oDkBJgkDd24c8IKR34v/p

Entry address:
0x45AE7F

Entry point:
68, 64, 3E, 3F, 95, E8, F4, 64, E5, FF, AC, A3, 2B, E1, 37, 19, F0, 8D, DD, D2, D8, D3, E4, 90, 09, 4B, 06, 73, 22, B9, 9F, 3E, 31, 0B, 48, 9E, BD, 29, 3E, 44, 0E, 83, 86, 67, E4, 56, 8F, 86, 74, FC, 52, 82, 82, F6, 50, C2, AA, D5, 60, 66, 38, C0, 75, 1E, 2A, 6C, A8, 36, 37, 65, D6, 49, 92, 08, 2D, 7F, 58, 7D, 61, D1, 6C, 24, 19, E8, B5, 0A, 04, C2, 40, 4D, 12, F2, 70, 97, B1, EB, 44, 1C, EA, A3, 71, D6, B2, C4, A0, 5A, F6, 6C, A3, A9, 9D, DC, 31, 7F, AC, 63, 6C, B7, 72, 75, AF, 9B, 65, F2, 06, EB, 7E, 64...
 

Entropy:
7.6982

Code size:
2.1 MB (2,218,496 bytes)