etranslator.exe

eTranslator

LLC 1GB

The application etranslator.exe by LLC 1GB has been detected as adware by 4 anti-malware scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen downloaded from syspro-file.ru and multiple other hosts.
Publisher:
eTranslator Corp  (signed by LLC 1GB)

Product:
eTranslator

Version:
1.4.3.0

MD5:
a4fe9b5aa0fcf89736226babb93adbc5

SHA-1:
cefe612f45cc4854e4ad098201b56c3674f16c83

SHA-256:
728ebf51f90cf3b7c6b6532b74969c7e75a98a92d19e21c93c05a9daef44111e

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
5/18/2024 6:09:04 AM UTC

Scan engine | Detection | Engine version
AVG | Downloader | 2016.0.3157
Dr.Web | Trojan.Zadved.61 | 9.0.1.05190
ESET NOD32 | Win32/eTranslatorPro.A potentially unwanted application | 7.0.302.0
Reason Heuristics | Threat.1GB | 15.4.11.23

File size:
3.5 MB (3,689,464 bytes)

Product version:
1.4.3.0

Copyright:
eTranslator Corp

Trademarks:
eTranslator Corp

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\etranslator\etranslator.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/10/2015 2:00:00 AM

Valid to:
2/11/2016 1:59:59 AM

Subject:
CN=LLC 1GB, O=LLC 1GB, STREET="Zakrevskogo, budynok 9-A", L=Kyyiv, S=Kyyiv, PostalCode=02217, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7C14941962D8F7B8E48D874D266831CF

File PE Metadata
Compilation timestamp:
3/25/2015 2:28:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:JjSz+U5oXwS3EAgWYJBTk1HULPH0uu4SgQtiNTuTJPFIG/VMRV4MyaWf+:Jj++UQYJ4uu4SHPJPipRebl

Entry address:
0x273190

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, 74, 5F, 66, 00, E8, DF, 99, D9, FF, 33, C0, 55, 68, 07, 32, 67, 00, 64, FF, 30, 64, 89, 20, E8, 50, 18, D9, FF, 85, C0, 75, 30, E8, 2F, 09, F8, FF, 84, C0, 75, 20, 8D, 55, EC, 33, C0, E8, 99, 18, D9, FF, 8B, 45, EC, 33, D2, E8, B7, 09, F8, FF, A1, 04, DB, 68, 00, 8B, 00, E8, E7, 74, EB, FF, E8, 46, 2D, FF, FF, EB, 05, E8, 9F, ED, FE, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 0E, 32, 67, 00, 8D, 45, EC, E8, 56, 53, D9, FF, C3, E9, E0, 48, D9, FF, EB, F0, E8, 79...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.4 MB (2,561,536 bytes)

The file etranslator.exe has been seen being distributed by the following 11 URLs.
