etranslator_gui.exe

eTranslator

eTranslator Corp

The application etranslator_gui.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from syscos26.ru and multiple other hosts.
Publisher: eTranslator Corp
Product: eTranslator
Version: 1.2.0.0
MD5: 1dc092654473cbd38bc3192412b72925
SHA-1: 5f4dfd4bb5f0e3dff2a15213dc0f4a6bf3b6f54a
SHA-256: a14b24e4b2df5216a24df7ead13175510af8115431fa33e76c311ca5d35af46c
Scanner detections: 6 / 68
Status: Potentially unwanted
Analysis date: 5/17/2024 2:59:34 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | PUA.Win32.eTranslatorPro | 4.0.3.15210
Dr.Web | Trojan.Zadved.4 | 9.0.1.041
ESET NOD32 | Win32/eTranslatorPro.A potentially unwanted (variant) | 9.11152
Fortinet FortiGate | Riskware/ETranslatorPro | 2/10/2015
Qihoo 360 Security | HEUR/QVM41.1.Malware.Gen | 1.0.0.1015
Trend Micro House Call | Suspicious_GEN.F47V0209 | 7.2.41

File size: 3.7 MB (3,835,623 bytes)
Product version: 1.2.0.0
Copyright: eTranslator Corp
Trademarks: eTranslator Corp
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\etranslator_gui.exe

File PE Metadata
Compilation timestamp: 2/8/2015 4:58:08 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 49152:n/3l0QIKAHgyzmSoJbx+DAw3ZdDtklEAH3ynIXeLTI+R7v1TVYVy9Km/BIpoaWfq:n/3qaZ6H3Zht58ynI1GtVN9KPpolq
Entry address: 0x26C068

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, 68, 03, 66, 00, E8, 4B, 0B, DA, FF, 33, C0, 55, 68, DF, C0, 66, 00, 64, FF, 30, 64, 89, 20, E8, 78, 89, D9, FF, 85, C0, 75, 30, E8, E3, 59, FA, FF, 84, C0, 75, 20, 8D, 55, EC, 33, C0, E8, C1, 89, D9, FF, 8B, 45, EC, 33, D2, E8, 6B, 5A, FA, FF, A1, A4, 94, 67, 00, 8B, 00, E8, 67, 41, ED, FF, E8, 62, 42, FF, FF, EB, 05, E8, 8F, 21, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, E6, C0, 66, 00, 8D, 45, EC, E8, 7A, C5, D9, FF, C3, E9, 04, BB, D9, FF, EB, F0, E8, 9D...

Developed / compiled with: Microsoft Visual C++
Code size: 2.4 MB (2,533,376 bytes)

The file etranslator_gui.exe has been seen being distributed by the following 12 URLs.

http://syscos26.ru/.../2b2c4be8c6480e8f95bc61ce2bae049f.exe

http://syscos4.ru/.../33a36a7f256aed7a950ecb85c83bd465.exe

http://sendme8.ru/.../33a36a7f256aed7a950ecb85c83bd465.exe
