» gratis+wavosaur+2015_10924_i65371892_il345.exe
Overview
Analysis
File Details

gratis+wavosaur+2015_10924_i65371892_il345.exe

Node.js

A4 TOV

The application gratis+wavosaur+2015_10924_i65371892_il345.exe, “Evented I/O for V8 JavaScript” by A4 TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

Joyent, Inc (signed by A4 TOV)

Product:

Node.js

Description:

Evented I/O for V8 JavaScript

Version:

0.12.7

MD5:

0bafd6b387e5b0327d1776ea9edf5f94

SHA-1:

e742da92e0a602a6b81dcdc1a791a15b5cad0de6

SHA-256:

a942d0a0c22d42102a27109883a36bea4c36fd0440e7ff4437d37f614074886f

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/13/2024 9:24:31 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonetize (M)

17.3.7.13

File size:

1.9 MB (1,993,696 bytes)

Product version:

0.12.7

Original file name:

node.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\gratis+wavosaur+2015_10924_i65371892_il345.exe

Digital Signature

Signed by:

A4 TOV

Authority:

COMODO CA Limited

Valid from:

9/17/2015 7:00:00 AM

Valid to:

9/17/2016 6:59:59 AM

Subject:

CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata

Compilation timestamp:

9/29/2015 10:22:43 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x25CEC2

Entry point:

68, CF, E4, 42, 4A, E8, CD, 68, FE, FF, C2, E6, 80, 9F, A4, 17, 7B, 7F, 60, DB, 8D, CE, 80, DF, 7A, DC, 90, 80, DF, 7F, 08, 80, 80, 9F, BC, DA, 60, 7F, 60, A1, CD, 90, 80, 5F, 65, E6, 92, 80, 5F, 63, 09, E5, 80, 1F, 15, 34, 0F, 7F, A0, CF, 3F, 72, 7F, 20, 92, 07, 33, 7F, E0, BA, 6E, E2, 80, 5F, 82, F3, C6, 80, 5F, F0, EA, D6, 80, 9F, 30, C2, 7F, E0, 11, 47, 16, 80, DF, 84, 7A, 4A, 80, 5F, 1C, F4, 01, 80, 1F, FE, 72, F4, 7F, E0, BC, 18, 0C, 80, DF, 81, 21, 80, 9F, D0, 4D, 30, 7F, A0, 1E, 76, 7F, E0, 10, 80... 
[+]

Entropy:

7.9387 (probably packed)

Code size:

1.8 MB (1,887,232 bytes)

Remove gratis+wavosaur+2015_10924_i65371892_il345.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.