getthemall.exe

GetThemAll Receiver

Kuzma Safonov

The application getthemall.exe by Kuzma Safonov has been detected as a potentially unwanted program by 2 of 68 anti-malware scanners. While running, it connects to the Internet address ocsp.comodoca.com on port 80 using the HTTP protocol. That host is COMODO's OCSP responder, so the connection is consistent with revocation checking of the binary's own COMODO code-signing certificate (OCSP is normally carried over plain HTTP) and is not by itself evidence of malicious traffic. Note that the certificate's validity period ended on 3/6/2014, ten years before this analysis; an Authenticode signature remains valid after its certificate expires only when it carries a trusted timestamp countersignature, which this report does not list, so verify the signature locally before relying on the "signed and verified" status.
Publisher:
Kuzma Safonov  (signed and verified)

Product:
GetThemAll Receiver

Version:
1.0.0.0

MD5:
c923365b6596c1567735df87d1b8713b

SHA-1:
47e35ab563392f5e6f3139a1db5dae6233af3674

SHA-256:
3179f3b950a8dc14201676b9b1bff7c91c9a787ac38c9eab8dd597678eeb0363

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 1:43:43 PM UTC

Scan engine          Detection             Engine version
AVG                  Generic               2015.0.3402
Reason Heuristics    PUP.KuzmaSafonov.K    14.7.25.17

File size:
150.6 KB (154,208 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
Server.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\getthemall receiver\getthemall.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/5/2013 6:00:00 PM

Valid to:
3/6/2014 5:59:59 PM

Subject:
CN=Kuzma Safonov, O=Kuzma Safonov, STREET=Yunis-Abad 15-43-18, L=Tashkent, S=TO, PostalCode=700180, C=UZ

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3D3E9E49F69694F758C95CA1A2192AF2

File PE Metadata
Compilation timestamp:
3/28/2013 2:04:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:Rle2OJ61Z0pHvhqZ2zc7+cM3+cMFcjJ9av/+4G+cMk:a2Oo1Kvhq4ZjJOW5

Entry address:
0x21A2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

(The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x402000]: the usual stub through which a .NET executable transfers control to the CLR's _CorExeMain via its import table, consistent with the ".NET CLR dependent: Yes" entry below. The rest of the dump is truncated.)

Entropy:
6.8427

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
127 KB (130,048 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

Analysis powered by Reason Core Security.