» commandpathmonitor.exe
Overview
Analysis
File Details
Behaviors (1)

commandpathmonitor.exe

The application commandpathmonitor.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 12707 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.

File name:

MD5:

5918a303ae72d1b1b11d80dc02ef2174

SHA-1:

9c1dde2d3b7dc922db10567b7cc4676e716ba8b4

SHA-256:

db736eea4521c68a28a40e04fdea834ea352a31dbc735e03d4cb724aad5dd922

Scanner detections:

21 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 12:28:06 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Graftor.177517

701

Agnitum Outpost

PUA.Tirrip

7.1.1

Avira AntiVirus

Adware/Tirrip.452096

7.11.212.236

avast!

Win32:Adware-gen [Adw]

2014.9-150305

AVG

Generic6

2016.0.3185

Baidu Antivirus

Adware.Win32.Pirrit

4.0.3.15227

Bitdefender

Gen:Variant.Graftor.177517

1.0.20.320

Emsisoft Anti-Malware

Gen:Variant.Graftor.177517

8.15.03.05.01

ESET NOD32

Win32/Adware.Pirrit.T application

7.0.302.0

Fortinet FortiGate

Adware/Tirrip

3/5/2015

F-Secure

Gen:Variant.Graftor.177517

11.2015-05-03_5

G Data

Gen:Variant.Graftor.177517

15.3.25

K7 AntiVirus

Adware

13.1915113

Kaspersky

not-a-virus:AdWare.Win32.Tirrip

15.0.0.543

MicroWorld eScan

Gen:Variant.Graftor.177517

16.0.0.192

NANO AntiVirus

Trojan.Win32.Generic.dorcyv

0.30.0.296

Panda Antivirus

Generic Suspicious

15.02.27.10

Qihoo 360 Security

Win32/Virus.Adware.198

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

15.3.5.13

Sophos

Generic PUA HI

4.98

VIPRE Antivirus

Threat.4150696

38050

File size:

441.5 KB (452,096 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\rubyhotstartapi\commandpathmonitor.exe

File PE Metadata

Compilation timestamp:

2/24/2015 12:10:30 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:U+sLfIBvOWMlkakUsxhjUeX3QOdMds+Bx:rB4kakUsxhYzs+Bx

Entry address:

0x15DB6

Entry point:

E8, 98, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, 64, 46, 00, 89, 0D, 74, 64, 46, 00, 89, 15, 70, 64, 46, 00, 89, 1D, 6C, 64, 46, 00, 89, 35, 68, 64, 46, 00, 89, 3D, 64, 64, 46, 00, 66, 8C, 15, 90, 64, 46, 00, 66, 8C, 0D, 84, 64, 46, 00, 66, 8C, 1D, 60, 64, 46, 00, 66, 8C, 05, 5C, 64, 46, 00, 66, 8C, 25, 58, 64, 46, 00, 66, 8C, 2D, 54, 64, 46, 00, 9C, 8F, 05, 88, 64, 46, 00, 8B, 45, 00, A3, 7C, 64, 46, 00, 8B, 45, 04, A3, 80, 64, 46, 00, 8D, 45, 08, A3, 8C, 64, 46... 
[+]

Entropy:

6.4351

Code size:

337.5 KB (345,600 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:12707/

Local host port:

12707

Default credentials:

Remove commandpathmonitor.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.