da66e563106146089fcd217545694a42.exe

da66e563106146089fcd217545694a42

The application da66e563106146089fcd217545694a42.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It runs as a Windows Task Scheduler task named BKFYFUPFJ, triggered by a time event.
Product:
da66e563106146089fcd217545694a42

Version:
1.0.0.105

MD5:
eaecfb1a2cff1cb6fc3f26175da8ec16

SHA-1:
7e16a04d0fdac66c4060c70e64b51da4cd108d21

SHA-256:
6c391b1bed38957b7e59ef6f55d48746b1b62f26a185204cd9190bbc8bd14137

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 1:56:03 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.1250010 | 630 |
| AhnLab V3 Security | PUP/Win32.PicColor | 2015.04.19 |
| avast! | Win32:Kryptik-PFA [Trj] | 2014.9-150515 |
| AVG | Generic6 | 2016.0.3108 |
| Baidu Antivirus | Adware.Win32.PicColor | 4.0.3.15419 |
| Bitdefender | Application.Generic.1250010 | 1.0.20.675 |
| ESET NOD32 | Win32/Adware.PicColor.AC application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/PicColor | 5/15/2015 |
| F-Secure | Application.Generic.1250010 | 11.2015-15-05_6 |
| G Data | Application.Generic.1250010 | 15.5.25 |
| IKARUS anti.virus | PUA.PicColor | t3scan.1.8.9.0 |
| K7 AntiVirus | Adware | 13.203.15826 |
| Malwarebytes | PUP.Optional.JellySplit.Gen | v2015.05.15.06 |
| MicroWorld eScan | Application.Generic.1250010 | 16.0.0.405 |
| NANO AntiVirus | Riskware.Win32.PicColor.dradmt | 0.30.24.1357 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.4.19.1 |
| Sophos | Generic PUA HO | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0419 | 7.2.135 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40002 |

File size:
339 KB (347,136 bytes)

Product version:
1.0.0.105

Copyright:
Copyright (C) 2014

Original file name:
da66e563106146089fcd217545694a42.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\da66e563106146089fcd217545694a42\da66e563106146089fcd217545694a42.exe

File PE Metadata
Compilation timestamp:
4/15/2015 10:55:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:ZzQrVQyp8/MZA4WAToYFmK7TOrqyPZomczuvD53RhgxwTsONFFl:ZUrVKkZRhTokyJZ1vD5q0sONFX

Entry address:
0x1C722

Entry point:
E8, 72, 84, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74, 10, 8B, 55, 0C, 85, D2, 74, 09, 8B, 4D, 10, 85, C9, 75, 16, 88, 0E, E8, AC, 37, 00, 00, 6A, 16, 5E, 89, 30, E8, 26, 87, 00, 00, 8B, C6, 5E, 5D, C3, 57, 8B, FE, 2B, F9, 8A, 01, 88, 04, 0F, 41, 84, C0, 74, 03, 4A, 75, F3, 5F, 85, D2, 75, 0B, 88, 16, E8, 7F, 37, 00, 00, 6A, 22, EB, D1, 33, C0, EB, D7, E9, 69, EA, FF, FF, 51, C7, 01, C8, 43, 44, 00, E8, 25, 87, 00, 00, 59, C3, 55, 8B, EC, 8D, 41, 09, 50, 8B, 45, 08, 83, C0, 09, 50...
 

Entropy:
6.3808

Code size:
258.5 KB (264,704 bytes)

Scheduled Task
Task name:
BKFYFUPFJ

Trigger:
Time

