d1523075-d6d0-f722-4855-11bdc1472b43.exe

Tester

The application d1523075-d6d0-f722-4855-11bdc1472b43.exe, “Installation support”, has been detected as a potentially unwanted program by 19 anti-malware scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source.
Product:
Tester

Description:
Installation support

Version:
1.1.2.1

MD5:
c321739b1a5e2f14c8ba2dcf5ed1c576

SHA-1:
d483c1b01629d20b2fa41259dd5c984dbf1de0a9

SHA-256:
4d8ce341b27a18dfe17e30fae7f4483101e259d8902407e72ad150cd8ac67323

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 6:43:25 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.75749 | 735 |
| Avira AntiVirus | Adware/AddLyrics.265728.18 | 7.11.205.142 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150131 |
| AVG | AddLyrics_r | 2016.0.3213 |
| Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.15131 |
| Bitdefender | Gen:Variant.Strictor.75749 | 1.0.20.155 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.75749 | 8.15.01.31.07 |
| ESET NOD32 | Win32/Adware.AddLyrics.DM (variant) | 9.11083 |
| Fortinet FortiGate | Riskware/AddLyrics | 1/31/2015 |
| F-Secure | Gen:Variant.Strictor.75749 | 11.2015-31-01_7 |
| G Data | Gen:Variant.Strictor.75749 | 15.1.25 |
| McAfee | Artemis!C321739B1A5E | 5600.6869 |
| MicroWorld eScan | Gen:Variant.Strictor.75749 | 16.0.0.93 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dmstej | 0.30.0.65070 |
| Panda Antivirus | Trj/Genetic.gen | 15.01.31.07 |
| Qihoo 360 Security | Win32/Virus.Adware.052 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.1.31.7 |
| Trend Micro House Call | TROJ_GEN.R0C1H09AL15 | 7.2.31 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37026 |

File size:
259.5 KB (265,728 bytes)

Product version:
2.2.2.3

Copyright:
Copyright (C) 2014

Trademarks:
Copyright 2014

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\d1523075-d6d0-f722-4855-11bdc1472b43.exe

File PE Metadata
Compilation timestamp:
1/20/2015 12:07:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:XQEwe0cb/nNK5eBsmUizhXcXqpsHxbky:XUcbloeKmUYXcXqqRbky

Entry address:
0x13BF7

Entry point:
E8, A2, 77, 00, 00, E9, 7F, FE, FF, FF, 6A, 0C, 68, 78, B1, 42, 00, E8, 73, 1F, 00, 00, 33, C0, 8B, 7D, 08, 85, FF, 0F, 95, C0, 85, C0, 75, 15, E8, 24, 14, 00, 00, C7, 00, 16, 00, 00, 00, E8, ED, 19, 00, 00, 83, C8, FF, EB, 4E, 33, C0, 39, 45, 0C, 0F, 95, C0, 85, C0, 74, DF, 89, 7D, 08, 57, E8, AE, 1A, 00, 00, 59, 83, 65, FC, 00, 57, E8, 87, 64, 00, 00, 8B, F0, 8D, 45, 10, 50, 6A, 00, FF, 75, 0C, 57, E8, 2E, 3D, 00, 00, 8B, D8, 89, 5D, E4, 57, 56, E8, 39, 64, 00, 00, 83, C4, 1C, C7, 45, FC, FE, FF, FF, FF...
 

Code size:
138.5 KB (141,824 bytes)
