dlya_trident_video_accelerator_9525.exe

Acko.net colormap

IT River

The application dlya_trident_video_accelerator_9525.exe by IT River has been detected as adware by 17 anti-malware scanners.
Publisher:
Acko.net  (signed by IT River)

Product:
Acko.net colormap

Description:
Colormap APE

Version:
1, 3, 0, 0

MD5:
ce22b23fe2a69e6d48d6d95e1e8fceed

SHA-1:
be47be065b25b7ff2c1f45a532b18e246d80f6db

SHA-256:
7201d62e6e6a78a8761d1fc42cec2dd2b2cba28f2a616979930726201b2e83ba

Scanner detections:
17 / 68

Status:
Adware

Analysis date:
4/25/2024 6:05:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Symmi.46589 | 838 |
| Avira AntiVirus | APPL/Downloader.Gen7 | 7.11.179.116 |
| avast! | Win32:Installer-U [PUP] | 2014.9-141019 |
| AVG | Win32/Cryptor | 2015.0.3316 |
| Bitdefender | Gen:Variant.Adware.Symmi.46589 | 1.0.20.1460 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Symmi.46589 | 8.14.10.19.05 |
| F-Secure | Gen:Variant.Adware.Symmi.46589 | 11.2014-19-10_1 |
| G Data | Gen:Variant.Adware.Symmi.46589 | 14.10.24 |
| IKARUS anti.virus | Trojan.Krypt | t3scan.1.7.8.0 |
| Kaspersky | not-a-virus:HEUR:Downloader.Win32.LMN | 14.0.0.3076 |
| MicroWorld eScan | Gen:Variant.Adware.Symmi.46589 | 15.0.0.876 |
| Norman | Obfuscated_VPE | 11.20141019 |
| Reason Heuristics | PUP.ITRiver.d | 14.10.19.17 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.141017 |
| Sophos | Mal/LdMon-B | 4.98 |
| Vba32 AntiVirus | Malware-Cryptor.Limpopo | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 34038 |

File size:
483.4 KB (494,952 bytes)

Product version:
1, 3, 0, 0

Copyright:
Copyright © 2003

Original file name:
colormap.ape

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dlya_trident_video_accelerator_9525.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/25/2014 1:00:00 AM

Valid to:
2/26/2015 12:59:59 AM

Subject:
CN=IT River, O=IT River, STREET="Obolenskiy, 9", L=Moscow, S=Moscow oblast, PostalCode=119021, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0F02E0C593A3B9A15B22F5853C90D66B

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:dfQQWtcYyEUcN6b117FmoYp5ZDF4jPqcVJYpdXE7Q6sFDi7kVGDSgUXQ6paxnT6Y:q2Z1dYHS4tFTVG+gUADxnOU/z

Entry address:
0x1600

Entry point:
83, 3D, 47, B0, 46, 00, 01, 75, 2C, 8B, 0D, 47, B0, 46, 00, C7, 05, B1, B0, 46, 00, C1, 7B, 01, 00, FE, 05, C7, B0, 46, 00, 89, 05, 30, B0, 46, 00, 89, 15, 78, B0, 46, 00, C7, 05, 4C, B0, 46, 00, C8, 66, 01, 00, 0F, 85, 41, 00, 00, 00, C7, 05, 26, B0, 46, 00, A6, 4C, 01, 00, 03, 0D, F8, B0, 46, 00, 3B, 1D, 94, B0, 46, 00, 7D, 14, C7, 05, CF, B0, 46, 00, D1, 4C, 01, 00, 89, 54, 24, EE, 89, 5C, 24, FC, EB, 08, 46, C6, 05, 70, B0, 46, 00, 5C, 66, C7, 05, E3, B0, 46, 00, 6E, BB, C3, 8D, 40, 00, 68, 98, 10, 40...
 

Code size:
422 KB (432,128 bytes)
