home

autorun.exe

VIDEO TECH PRODUCOES LTDA - ME

The application autorun.exe by VIDEO TECH PRODUCOESA - ME has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
VIDEO TECH PRODUCOES LTDA - ME  (signed and verified)

MD5:
834c191330cff40f6a4d5939823580da

SHA-1:
e8e37c4693fa2ee1f5f0bd1c519e2e6896c05fb3

SHA-256:
898db2752d7217f28db494347c830765bf90c7e4acac664ba318218eae3af864

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 11:22:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.VIDEOTECHPRODUCOESAME (M)
16.2.6.3

File size:
226.2 KB (231,624 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\autorun.exe

Digital Signature
Signed by:
VIDEO TECH PRODUCOES LTDA - ME

Authority:
Thawte, Inc.

Valid from:
7/1/2013 9:00:00 PM

Valid to:
7/2/2014 8:59:59 PM

Subject:
CN=VIDEO TECH PRODUCOES LTDA - ME, O=VIDEO TECH PRODUCOES LTDA - ME, L=Florianópolis, S=Santa Catarina, C=BR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
75BF24911D0DEAA1302738F5948159B1

File PE Metadata
Compilation timestamp:
11/2/2013 7:51:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
6144:Z75d+DcdFINCBBSyu+/swYEKhWHbLE/Mh6P0SxPp62a:Z75d+DLKST+/swYCHl8P0SxPp6z

Entry address:
0x13000

Entry point:
EB, 03, 64, F1, AF, 50, EB, 03, 19, A1, 97, E8, 14, 00, 00, 00, EB, 02, F1, 84, EB, 05, 65, 3D, 7D, C7, 45, 33, C0, 70, 26, 71, 6C, EB, 01, BF, EB, 05, C6, B8, AE, 0D, 15, B8, 21, 48, DA, F6, EB, 03, 10, 5C, 8D, EB, 05, 29, A1, C4, 17, 92, 05, DF, B7, 25, 09, EB, 02, 09, 9B, 75, 46, EB, 03, 21, A6, 9A, 64, FF, 30, EB, 05, 02, AB, 33, 33, 3D, 64, 89, 20, EB, 04, BA, B1, B8, 87, EB, 04, 2D, 4D, E8, 22, 8B, 10, EB, 04, 8F, 66, 40, FB, 64, 8F, 00, EB, 05, 13, A0, B3, 1A, 75, 83, C4, 04, EB, 05, F6, A5, 2D, CD...
 
[+]

Code size:
13 KB (13,312 bytes)

Remove autorun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.