delegate_execute.exe

TODO:

FINEDREAM INVEST LTD

The application delegate_execute.exe, “TODO: <File description>” by FINEDREAM INVEST has been detected as adware by 2 anti-malware scanners.
Publisher:
TODO: <Company name>  (signed by FINEDREAM INVEST LTD)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
78804a2d7d6fe28bd727fd7cce96baf2

SHA-1:
3300de22d36724de9eb6c8791bc5390835498d2d

SHA-256:
602e16641f7165d9e1cfa60e9a047aab225b46b5c0830f3ac0439d0eb7b16246

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 6:25:29 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Adware-BGS [PUP] | 160209-2
Reason Heuristics | PUP.FINEDREAMINVEST (M) | 16.2.14.7

File size:
870 KB (890,881 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
DelegateExecute.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\oxy\application\24.0.1302.0\delegate_execute.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/1/2013 12:00:00 AM

Valid to:
10/1/2014 11:59:59 PM

Subject:
CN=FINEDREAM INVEST LTD, O=FINEDREAM INVEST LTD, STREET=11 ROSEMONT ROAD HAMPSTEAD, L=LONDON, S=HAMPSTEAD, PostalCode=NW3 6NG, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C5ED3DAB73641CD0D161EE50202FB462

File PE Metadata
Compilation timestamp:
8/26/2013 11:51:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:f14KEYlw4/QRb/HHNihsBVPG6tfNJx6kGXJrUtNHwD1qsKCveTJB9eY/3J1Z:SuwHtih2T6koAQZqBrTJF/51Z

Entry address:
0x26232

Entry point:
E8, 6F, 68, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 8E, 65, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 10, E3, 4C, 00, 74, 12, 8B, 0D, C8, E0, 4C, 00, 85, 48, 70, 75, 07, E8, 69, 72, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, D0, DF, 4C, 00, 74, 16, 8B, 46, 08, 8B, 0D, C8, E0, 4C, 00, 85, 48, 70, 75, 08, E8, C8, 6A, 00, 00, 89, 46, 04, 8B, 46, 08, F6, 40, 70, 02, 75, 14, 83, 48, 70, 02, C6, 46, 0C, 01, EB, 0A...
 

Entropy:
6.5454

Code size:
545 KB (558,080 bytes)
