» htmlprotector_dl.exe
Overview
Analysis
File Details

htmlprotector_dl.exe

White Cliff Computing Limited

The executable htmlprotector_dl.exe has been detected as malware by 6 anti-virus scanners.

File name:

Publisher:

White Cliff Computing Limited (signed and verified)

MD5:

23b2786c62242f0d62502f655b8cdc23

SHA-1:

3a8fd38cfe063cfddc73b06f3afabdf5cebcd9d2

SHA-256:

74a03c7452f19658ceedfce34d433de19d861991cc29f18ed71a3bcd138258a3

Scanner detections:

6 / 68

Status:

Malware

Analysis date:

4/26/2024 1:17:01 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.PWS.Mailer.269

9.0.1.0224

IKARUS anti.virus

Trojan.Win32.FakeAV

t3scan.2.0.9.0

NANO AntiVirus

Trojan.Win32.Mailer.dypctv

1.0.18.6677

Qihoo 360 Security

QVM41.1.Malware.Gen

1.0.0.1120

Vba32 AntiVirus

TrojanDropper.Demp

3.12.26.4

Zillya! Antivirus

Dropper.Demp.Win32.1026

2.0.0.2730

File size:

2.8 MB (2,897,416 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\htmlprotector_dl.exe

Digital Signature

Signed by:

White Cliff Computing Limited

Authority:

COMODO CA Limited

Valid from:

4/8/2013 2:00:00 AM

Valid to:

4/9/2014 1:59:59 AM

Subject:

CN=White Cliff Computing Limited, O=White Cliff Computing Limited, STREET="Suite 15735, 145-147 St John Street", L=London, S=London, PostalCode=EC1V 4PW, C=GB

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0A867FCC396FD8958215B23A0C8E7604

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:IISP6vYx4aiKwp2xERgj/Ni2ATaeMXW2kdIb5IY11TO9g4Fx:IISP6SiKwpIT/N5aWbEY69

Entry address:

0x9CE10

Entry point:

55, 8B, EC, 83, C4, EC, 53, 33, C0, 89, 45, EC, B8, D8, CA, 49, 00, E8, CA, 9B, F6, FF, 8B, 1D, 80, F3, 49, 00, 33, C0, 55, 68, F0, CE, 49, 00, 64, FF, 30, 64, 89, 20, 8B, 03, E8, 83, 8B, FC, FF, 8D, 55, EC, 8B, 03, E8, 21, 92, FC, FF, 8B, 45, EC, E8, B5, F2, FF, FF, 8B, 15, B0, EF, 49, 00, 89, 02, A1, B0, EF, 49, 00, 81, 38, 00, 14, 0C, 00, A1, 0C, F2, 49, 00, 0F, 95, 00, A1, 0C, F2, 49, 00, 80, 38, 00, 74, 16, E8, FF, F3, FF, FF, E8, 12, F6, FF, FF, E8, 69, F8, FF, FF, E8, 78, FB, FF, FF, EB, 26, 8B, 0D... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

624 KB (638,976 bytes)

Remove htmlprotector_dl.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.