home

cfhsogutv.exe

SearchDonkey

WebAppTech Coding LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The application cfhsogutv.exe by WebAppTech Coding has been detected as adware by 10 anti-malware scanners.
Publisher:
WebAppTech Coding, LLC  (signed by WebAppTech Coding LLC)

Product:
SearchDonkey

Version:
1.0.0.0

MD5:
39cddbdc06f03efc760e2010fe28fa64

SHA-1:
3e4ebd252420d165d83aa8579a8ac211c9f4e360

SHA-256:
0eb913fd80f68742451710fa70c6e56d7584faa89347b84c661d4cfee3845b6d

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 12:19:29 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.PullUpdate
7.1.1

AVG
Generic
2016.0.2908

Comodo Security
ApplicUnwnt
22046

Dr.Web
Adware.Yontoo.75
9.0.1.0335

ESET NOD32
MSIL/Adware.PullUpdate.G.gen (variant)
9.11598

Malwarebytes
PUP.Optional.SearchDonkey.A
v2015.12.01.07

NANO AntiVirus
Trojan.Win32.PullUpdate.dglbbq
0.30.24.1357

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

Reason Heuristics
PUP.Injekt.WebAppTechCoding (M)
15.12.1.19

VIPRE Antivirus
Injekt
40066

File size:
48.9 KB (50,040 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © WebAppTech Coding, LLC 2014

Original file name:
SearchDonkey.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\cpkqfgkdq\dat\cfhsogutv.exe

Digital Signature
Signed by:
WebAppTech Coding LLC

Authority:
VeriSign, Inc.

Valid from:
12/23/2013 4:00:00 PM

Valid to:
12/24/2014 3:59:59 PM

Subject:
CN=WebAppTech Coding LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WebAppTech Coding LLC, L=Grandville, S=Michigan, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1A6411A4888DF6223DF9C572F9BE2E96

File PE Metadata
Compilation timestamp:
6/2/2014 2:41:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:kVOl+KLtBQkXvZ3vTLKulIJKyzD2Plo/Fh3fuXZwPgC4Dqu8HV:p++QkXvZ3vMKyzqO/r3fuXTDt

Entry address:
0xBF6E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.6477

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
40 KB (40,960 bytes)

Remove cfhsogutv.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.