autorun.exe

Angry Birds: Anthology Autorun

HomEDition Company

The executable autorun.exe, “Автозапуск для антологии игр Angry Birds” (“Autorun for the Angry Birds game anthology”), has been detected as malware by 1 anti-virus scanner.
Publisher:
© HomEDition Company  (signed by HomEDition Company)

Product:
Angry Birds: Anthology Autorun

Description:
Автозапуск для антологии игр Angry Birds (Autorun for the Angry Birds game anthology)

Version:
1.3.0.0

MD5:
003e353c3bd1d93155e9a65ce15a34f3

SHA-1:
a2d2691beb61b266693a51fa50975e78102d216a

SHA-256:
492b06cd97235ddf6892043c37cfe09976fbe560afbbfa23e336b139e205de3b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/26/2024 3:15:50 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.5.24.13

File size:
482.4 KB (493,992 bytes)

Product version:
1.3.0.0

Copyright:
HomEDition Company © 2003-2012

Trademarks:
HomEDition Company © www.homedition.ru

Original file name:
abaautorun.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\downloads\angry birds - anthology [repack by kloneb@dguy]\autorun.exe

Digital Signature
Authority:
HomEDition Company

Valid from:
11/4/2010 8:00:00 PM

Valid to:
9/7/2087 7:59:59 PM

Subject:
E=www.homedition.ru, CN=HomEDition Company, O=HomEDition Company, C=RU

Issuer:
E=www.homedition.ru, CN=HomEDition Company, O=HomEDition Company, C=RU

Serial number:
4626AA7D541BA3428B302D7D03B2F38D

File PE Metadata
Compilation timestamp:
4/17/2012 6:59:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:pb7sRpNc67xYykgLlsVSkcESJshEYXQUivHPMwES72Iess4ZDTpX+oNQxOaSwoVr:pb7sRpp5LRshEYC862R4p9OEg0

Entry address:
0x1000

Entry point:
B8, BC, 81, 5B, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 13, 5F, AC, 93, F6, DA, 0E, 49, B8, 88, 70, B9, 7F, 02, E4, D4, E7, A3, 09, EC, C0, 98, A1, 5C, B1, A8, F6, E3, C3, 31, 09, CF, 1F, C1, 4E, AB, B4, 5C, ED, 5C, 9F, 7F, 67, 31, 46, 42, 2A, F2, AE, C0, 51, E7, 04, 3B, B8, 82, D5, 97, 37, 7C, 93, 78, 0D, 1B, 57, 90, E9, A5, 95, D9, 44, 96, 60, DD, 40, F4, C1, F9, 67, 8C, 66, A6, EB, 35, FD, 1D, 17, 29, D6, 74, 16, EA, 22...
 

Entropy:
4.4324

Packer / compiler:
PECompact v2

Code size:
711.5 KB (728,576 bytes)
