drprotantivirus.exe

Dr Prot Antivirus

www.Drprot.com

The executable drprotantivirus.exe has been detected as malware by 4 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘drprotantivirus.exe’. While running, it connects to the Internet address ip-208-109-101-35.ip.secureserver.net on port 80 using the HTTP protocol.
Publisher:
www.Drprot.com

Product:
Dr Prot Antivirus

Version:
4.03.0019

MD5:
1ccc0a6c2398fef0e18ad1668328dcb5

SHA-1:
c964361fa4770d2bc219109d1ed94f936b24f4a3

SHA-256:
7e2df79a853181209fba7c0e3709197a59bea3d71f4a0088b399ed5e160f4462

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
4/26/2024 10:37:20 AM UTC

Scan engine           Detection                      Engine version
avast!                Win32:Malware-gen              2014.9-141004
Baidu Antivirus       Trojan.Win32.Ransomlock        4.0.3.14104
Kaspersky             Trojan-Ransom.Win32.Blocker    14.0.0.3153
Qihoo 360 Security    Win32/Trojan.Ransom.4e0        1.0.0.1015

File size:
1.4 MB (1,429,512 bytes)

Product version:
4.03.0019

Copyright:
Drprot.com

Trademarks:
Drprot.com

Original file name:
drprotantivirus.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\dr prot antivirus\drprotantivirus.exe

File PE Metadata
Compilation timestamp:
9/27/2014 5:46:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:jGZTzzhsqIBrhsqmiBmXBoLZ76tfd5vYYYb6BNc9mPkv4:jGZTHhsfhsx6xK7c9mPkQ

Entry address:
0x1380

Entry point:
68, 24, 7D, 40, 00, E8, F0, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 83, 1A, DA, 0F, 3F, D9, 95, 49, 93, 44, 62, 78, E1, F0, E5, B9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 05, 45, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, FF, FF, FF, 00, 00, 00, 00, 00, 30, A6, 05, B0, 30, A6, 05, C0, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 2A, 00, 00, 00, 27, 9B, EF, 05, 7B, 53, 8C, 4D, A6, 71, DB, A7, E7, F0, 1C, 50, 01, 00, 00, 00, A0, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
1.4 MB (1,421,312 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
drprotantivirus.exe

Command:
C:\Program Files\dr prot antivirus\drprotantivirus.exe s


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-208-109-101-35.ip.secureserver.net (208.109.101.35:80)

Remove drprotantivirus.exe - Powered by Reason Core Security