Führersperrgebieten.exe

Lotteriedienste

Ivan Yurievich Permyakov IP

The file Führersperrgebieten.exe by Ivan Yurievich Permyakov IP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ivan Yurievich Permyakov IP  (signed and verified)

Product:
Lotteriedienste

Description:
Durchquerungen

Version:
5.00.0007

MD5:
d9fa423e68627a3be8aa2bc770cd7546

SHA-1:
5ec77716704788aeea2843d87e95d218d7f1ed53

SHA-256:
cca19939256a10971a85a7d54c5af9fac030c3c13de1a5e40b184310c4bfc615

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 2:35:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.9.21.5

File size:
130.7 KB (133,792 bytes)

Product version:
5.00.0007

Copyright:
Auskommentierender5

Trademarks:
Benutzerbedürfnissen0

Original file name:
Führersperrgebieten.exe

Language:
English (United States)

Common path:
C:\ProgramData\trz6b8f.tmp

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/26/2012 9:00:00 PM

Valid to:
3/27/2013 8:59:59 PM

Subject:
CN=Ivan Yurievich Permyakov IP, O=Ivan Yurievich Permyakov IP, STREET="8 Marta str, 194-236", L=Ekaterinburg, S=Sverdlovskaya oblast, PostalCode=620144, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A7C90ECFD30D2E76C561C688CF7613F

File PE Metadata
Compilation timestamp:
11/26/2014 7:45:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:rEwpmq78nGc08Hx/W7peExZ1FICHZIRMAfleX6lpzSQ:rRmA8N0exO7phQGZoMAflzL

Entry address:
0x10EC

Entry point:
68, 78, 07, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 18, BD, A0, BC, 1D, 7B, 98, 44, 8B, 63, B2, C0, ED, 9E, F2, 6F, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 44, 6F, 70, 70, 65, 6C, 7A, 69, 6D, 6D, 65, 72, 6B, 61, 62, 69, 6E, 65, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 09, EC, 4A, 6E, F6, 2A, 99, 0E, 41, 83, A7, 61, 30, D9, 68, 83, AA, 82, E0, 64, 6E, 64, 03, 90, 4C, B3, FB, 2A, C5, 03, 7E, D0, 60, 3A, 4F, AD...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
112 KB (114,688 bytes)
