» cinemalek.com.tiger.house_10924_i67362318_il345.exe
Overview
Analysis
File Details

cinemalek.com.tiger.house_10924_i67362318_il345.exe

StringEncrypt

A4 TOV

The application cinemalek.com.tiger.house_10924_i67362318_il345.exe by A4 TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

PELock Software (signed by A4 TOV)

Product:

StringEncrypt

Version:

1.0.0.0

MD5:

73ed51bf31efb4b73be8ce5aacd9db4a

SHA-1:

bc0205572c5c46af4e3feb595ca4512c86551ee7

SHA-256:

32e39a5f71227c32716330f49c9b80975deb05e508bc7fb8c7e4582636ec4674

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/13/2024 10:46:47 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonetize (M)

17.2.26.23

File size:

1.5 MB (1,592,288 bytes)

Product version:

1.0.0.0

Original file name:

StringEncrypt.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\cinemalek.com.tiger.house_10924_i67362318_il345.exe

Digital Signature

Signed by:

A4 TOV

Authority:

COMODO CA Limited

Valid from:

9/17/2015 3:00:00 AM

Valid to:

9/17/2016 2:59:59 AM

Subject:

CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata

Compilation timestamp:

10/4/2015 10:22:44 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x3592EB

Entry point:

68, 80, 80, 23, E5, E8, 0B, AC, E9, FF, 55, 8B, EC, 66, 85, DE, F5, 51, 53, 85, E7, F5, 56, 1B, F1, 57, 8B, F8, 8B, F1, 2B, D2, FE, C0, F6, D0, 8D, 49, 00, FE, C0, 8A, 0F, 0F, 9B, C0, 8A, 06, 46, 47, 85, F4, 80, 7D, 08, 00, 88, 4D, FF, 0F, 84, 1C, 00, 00, 00, 8A, CA, BB, 93, 4F, 87, 7B, D3, C3, 8A, 4D, FF, 85, D7, 02, DA, 3B, DF, 32, C3, 42, F8, 81, FC, 60, 6D, DF, 39, 84, C0, 0F, 84, 08, 00, 00, 00, 3A, C1, 0F, 84, BC, FF, FF, FF, 5F, 3B, F2, 66, 87, F6, 66, 81, C3, 75, 4C, 5E, 5B, F5, 3A, C8, 0F, 86, 4B... 
[+]

Entropy:

7.9754 (probably packed)

Code size:

1.5 MB (1,570,304 bytes)

Remove cinemalek.com.tiger.house_10924_i67362318_il345.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.