» esubmission_takaful_updates_v1.23.exe
Overview
Analysis
File Details
Downloads (1)

esubmission_takaful_updates_v1.23.exe

The application esubmission_takaful_updates_v1.23.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from download3.epartner.com.my.

File name:

MD5:

adfa76517297f4bc49519e6c9a3c2d01

SHA-1:

e3f7602fec2d655b7f0bacca6d2e143a7980f57f

SHA-256:

b7eec0f573e46fb58b8f4feec9132b67737de0b5c7a24b8e84bbe69c458ca67f

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

5/3/2024 6:54:00 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

HW32.Packed

1.3.0.7400

Malwarebytes

PUP.Optional.Amonetize

v2016.02.22.02

Reason Heuristics

Adware.Amonetize (M)

16.6.16.19

File size:

2.6 MB (2,711,610 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\esubmission_takaful_updates_v1.23.exe

File PE Metadata

Compilation timestamp:

2/1/2011 1:44:13 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:LQhY83njfgaYhfc2T/Dz/cvElj8f2PkA4bgAKRCcXK31ZxbPW/eH2l:LQhx3nrgayfcqzUclu2PX4EcTxH2l

Entry address:

0x1D20

Entry point:

55, 8B, EC, 6A, FF, 68, 28, 21, 40, 00, 68, A0, 1E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 88, 20, 40, 00, 59, 83, 0D, 54, 35, 40, 00, FF, 83, 0D, 58, 35, 40, 00, FF, FF, 15, 84, 20, 40, 00, 8B, 0D, CC, 32, 40, 00, 89, 08, FF, 15, 80, 20, 40, 00, 8B, 0D, C8, 32, 40, 00, 89, 08, A1, 7C, 20, 40, 00, 8B, 00, A3, 5C, 35, 40, 00, E8, 10, 01, 00, 00, 39, 1D, BC, 32, 40, 00, 75, 0C, 68, 9C, 1E, 40, 00, FF, 15, 78, 20... 
[+]

Entropy:

7.9927

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

4 KB (4,096 bytes)

The file esubmission_takaful_updates_v1.23.exe has been seen being distributed by the following URL.

http://download3.epartner.com.my/eSubmission_Takaful_Updates_v1.23.exe

Remove esubmission_takaful_updates_v1.23.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.