» fifth.exe
Overview
Analysis
File Details
Behaviors (1)

fifth.exe

HTTO GROUP Ltd

The application fifth.exe by HTTO GROUP has been detected as adware by 18 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named Fifth triggered to execute each time a user logs in.

File name:

fifth.exe

Publisher:

HTTO GROUP Ltd (signed and verified)

MD5:

046f40d333ac0a95b8f69c2bf74c8214

SHA-1:

c3995f0dff0ccaba3f6aa03a824f1225aa251069

SHA-256:

4b4cec4a2484cb86edebe7c7f1b9994a3ac1e5e39caefbd634452b55da1ffd67

Scanner detections:

18 / 68

Status:

Adware

Analysis date:

7/5/2025 8:13:12 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.ODW

598

Arcabit

Adware.Agent.ODW

1.0.0.425

AVG

Generic6

2016.0.3076

Bitdefender

Adware.Agent.ODW

1.0.20.835

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Trojan.MulDrop5.52818

9.0.1.0167

Emsisoft Anti-Malware

Adware.Agent.ODW

8.15.06.16.05

ESET NOD32

Win32/Adware.Snoozer

9.11784

F-Secure

Adware.Agent.ODW

11.2015-16-06_3

G Data

Adware.Agent.ODW

15.6.25

K7 AntiVirus

Adware

13.205.16237

Malwarebytes

PUP.Optional.HTTOGROUP.A

v2015.06.16.05

McAfee

Artemis!046F40D333AC

5600.6732

MicroWorld eScan

Adware.Agent.ODW

16.0.0.501

nProtect

Adware.Agent.ODW

15.06.12.01

Reason Heuristics

PUP.HTTOGROUP

15.6.16.13

Sophos

Generic PUA MD

4.98

VIPRE Antivirus

Trojan.Win32.Generic

41122

File size:

589.9 KB (604,056 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\fifth\fifth.exe

Digital Signature

Signed by:

HTTO GROUP Ltd

Authority:

GlobalSign nv-sa

Valid from:

4/11/2014 11:40:57 AM

Valid to:

8/9/2015 8:34:45 AM

Subject:

CN=HTTO GROUP Ltd, O=HTTO GROUP Ltd, L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11215DEE081D303199AC9A4E988FC00929A0

File PE Metadata

Compilation timestamp:

3/5/2014 1:36:26 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

12288:xr+KDCHtS9iMWY6cVrUmDlNpsoiRlIYmO3:oKoS9iLY6cVrUmDlNpszRSq

Entry address:

0x12A0

Entry point:

83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 10, C4, 49, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 38, C4, 49, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 2C, C4, 49, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 8B, 0D, 54, 92, 48, 00, 85, C9, 74, 38, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, A0, 48, 00, E8, D0, 1D, 03, 00, 52, 85, C0, 74, 23, C7, 44, 24, 04, 0E, A0, 48, 00, 89, 04, 24, E8, C3, 1D, 03, 00, 83, EC, 08, 85, C0, 74, 09, C7, 04, 24, 54, 92, 48, 00, FF... 
[+]

Entropy:

6.0778

Code size:

540.5 KB (553,472 bytes)

Scheduled Task

Task name:

Fifth

Trigger:

Logon (Runs on logon)

Remove fifth.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.