cloudpop_attpo.exe

Qzoneinteractive

The application cloudpop_attpo.exe by Qzoneinteractive has been detected as a potentially unwanted program by 25 anti-malware scanners.
Publisher:
Qzoneinteractive  (signed and verified)

MD5:
325d666953bc85c5bad14a61df8daa24

SHA-1:
9070c3d2334b128874a7779d85dda6199dd9f8fd

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 8:14:12 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.439804 | 653 |
| Agnitum Outpost | Adware.Kraddare | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.FindKey | 2014.02.20 |
| Avira AntiVirus | TR/Dldr.Banload.alf.1 | 7.11.132.200 |
| Baidu Antivirus | Adware.Win32.Kraddare | 4.0.3.15422 |
| Bitdefender | Application.Generic.439804 | 1.0.20.560 |
| Comodo Security | Heur.Suspicious | 17816 |
| ESET NOD32 | Win32/Adware.Kraddare.GK (variant) | 9.9446 |
| Fortinet FortiGate | Riskware/PUP | 4/22/2015 |
| F-Secure | Application.Generic.439804 | 11.2015-22-04_4 |
| G Data | Application.Generic.439804 | 15.4.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Genome | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.176.11210 |
| Malwarebytes | Adware.Korad | v2015.04.22.12 |
| McAfee | Generic PUP.t | 5600.6787 |
| Microsoft Security Essentials | Adware:Win32/Cloudpop | 1.10302 |
| MicroWorld eScan | Application.Generic.439804 | 16.0.0.336 |
| Panda Antivirus | Trj/CI.A | 15.04.22.12 |
| Quick Heal | Adware.Cloudpop (Not a Virus) | 4.15.12.00 |
| Sophos | Generic PUA JA | 4.97 |
| Trend Micro House Call | ADW_CLOUDPOP | 7.2.112 |
| Trend Micro | ADW_CLOUDPOP | 10.465.22 |
| Vba32 AntiVirus | TrojanDownloader.Genome | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 26656 |
| ViRobot | Adware.CloudPop.1317256 | 2011.4.7.4223 |

File size:
1.3 MB (1,317,256 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cloudpop_attpo.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/14/2011 9:00:00 AM

Valid to:
11/14/2012 8:59:59 AM

Subject:
CN=Qzoneinteractive, OU=EC Team, O=Qzoneinteractive, L=Gwangjin-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
51790DE8CFF3FB8E48D3E671F9021D0B

File PE Metadata
Compilation timestamp:
6/20/1992 7:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:E1F45lyQS1JQeh498B1nGFpbeCYZ/DweVw/T1EeKuKyKRi:A62QeKbKrTG7aJi

Entry address:
0xEECA8

Entry point:
55, 8B, EC, 83, C4, E8, 53, 33, C0, 89, 45, EC, 89, 45, E8, B8, 18, E7, 4E, 00, E8, BB, 7D, F1, FF, 33, C0, 55, 68, 67, ED, 4E, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, A1, D0, 6B, 4F, 00, 8B, 00, E8, 46, 62, FC, FF, 8B, 45, E8, 8D, 55, EC, E8, D7, CD, F1, FF, 8B, 45, EC, E8, EB, 5F, F1, FF, 50, 6A, FF, 6A, 00, E8, 11, 80, F1, FF, 8B, D8, E8, 9A, 81, F1, FF, 3D, B7, 00, 00, 00, 75, 08, 53, E8, 55, 83, F1, FF, EB, 3B, A1, D0, 6B, 4F, 00, 8B, 00, E8, 5F, 5B, FC, FF, 8B, 0D, FC, 66, 4F, 00, A1, D0, 6B, 4F, 00...
 

Entropy:
6.8511

Developed / compiled with:
Microsoft Visual C++

Code size:
951.5 KB (974,336 bytes)

Remove cloudpop_attpo.exe - Powered by Reason Core Security