» homepage.exe
Overview
Analysis
File Details
Downloads (2)

homepage.exe

Home Page

CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti

The application homepage.exe by CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Sti has been detected as adware by 2 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s3-eu-west-1.amazonaws.com and multiple other hosts.

File name:

homepage.exe

Publisher:

CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti (signed and verified)

Product:

Home Page

Version:

1.0.0.0

MD5:

1b6839f6132b7729fa9c29d7afafd4b4

SHA-1:

2731fc4493156ea5ed7887a03bbaaefaa250dbc8

SHA-256:

453133fe2eb9100641bf4037c0bdc553663bc7a3786e957110a39109cf712ade

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

4/23/2024 11:41:26 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.HfsAdware

1.3.0.7237

Reason Heuristics

PUP.CNTBilisimTeknolojisipazrekturltlhTicSti (M)

15.10.4.13

File size:

14.8 KB (15,192 bytes)

Product version:

1.0.0.0

Original file name:

Home Page.exe

File type:

Executable application (Win64 EXE)

Language:

Turkish (Turkey)

Digital Signature

Signed by:

CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti

Authority:

COMODO CA Limited

Valid from:

2/6/2014 2:00:00 AM

Valid to:

2/6/2017 1:59:59 AM

Subject:

CN=CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti, O=CNT Bilisim Teknolojisi pazrek tur lt lh Tic. Ltd. Sti, STREET=273/1 Sk. Mansuroglu Mah. Narlibahce Sit. No:6 B1 Blok Daire:2, L=Izmir, S=Izmir, PostalCode=35030, C=TR

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00FD38E0D9B8EC881E28CC1693FCA30FC5

File PE Metadata

Compilation timestamp:

10/1/2015 5:30:08 PM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

48.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

192:ndELlsH2pXyIeHDK9Q1qq00Zr9SvWb9+A8Hg38LWM1bKDBg2l5m/:YsHnIeHDfSWb9Z8S81KD55C

Entry address:

0x2F6A

Entry point:

4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

4 KB (4,096 bytes)

The file homepage.exe has been seen being distributed by the following 2 URLs.

https://s3-eu-west-1.amazonaws.com/softmonk/extension/.../HomePage.exe

http://aihdownload.adobe.com/bin/.../install_flashplayer14x32axau_mssa_aaa_aih.exe

Remove homepage.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.