» countblessingsss.exe
Overview
Analysis
File Details

countblessingsss.exe

WebDevAZ Inc

The application countblessingsss.exe by WebDevAZ Inc has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.

File name:

Publisher:

WebDevAZ Inc (signed and verified)

MD5:

6df873a2e9180e7d2e4f662f850e51d6

SHA-1:

7b6e8bf402b44cf97b41a2f07589321bdb880186

SHA-256:

3c8cd5744d81a57d5111352c05f95ff0f0a8e1e1f24b866ead3656612b0c779c

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 8:30:55 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.RK

4.0.3.151027

Dr.Web

Adware.WebDevAz.3

9.0.1.0300

ESET NOD32

Win32/Adware.RK

9.11260

Qihoo 360 Security

Win32/Trojan.Adware.802

1.0.0.1015

Reason Heuristics

PUP.WebDevAZ.Installer (M)

15.10.27.11

VIPRE Antivirus

Marketscore.RelevantKnowledge

38072

File size:

282.7 KB (289,456 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\countblessingsss.exe

Digital Signature

Signed by:

WebDevAZ Inc

Authority:

GlobalSign nv-sa

Valid from:

3/30/2012 8:27:49 PM

Valid to:

1/7/2013 12:18:52 PM

Subject:

E=support@webdevaz.com, CN=WebDevAZ Inc, O=WebDevAZ Inc, L=Arizona, S=AZ, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121FC34070781BBAC3D84DDEF3515EB5EFD

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:dQqmdJ5+qADeWJKN2ja89jeYy8UGOrXy/+PSlp:KdJ5+qAaRNp8FeYTOruI6p

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9370

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

Remove countblessingsss.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.