hufmaupruu64.exe

Nuosej Mimrymkhcaoy Ceob

The application hufmaupruu64.exe by Nuosej Mimrymkhcaoy Ceob has been detected as a potentially unwanted program by 12 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

Publisher:
Nuosej Mimrymkhcaoy Ceob (signed and verified)

MD5:
e5dee71054d727f5932cf7f3eb4a789e

SHA-1:
b5085e7204607e1ba160396a2a1e3c79ccee4caf

SHA-256:
4d1fae15df1a616a4af7ac104954f790a6e50c86b3a04e8df81a48281fab16f9

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 3:13:30 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic_r | 2016.0.2913 |
| Baidu Antivirus | Trojan.Win64.Komodia | 4.0.3.151127 |
| Comodo Security | UnclassifiedMalware | 23663 |
| ESET NOD32 | Win64/Riskware.Komodia (variant) | 9.12631 |
| Fortinet FortiGate | Riskware/Komodia | 11/27/2015 |
| IKARUS anti.virus | PUA.RiskWare.Komodia | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.17982 |
| McAfee | Artemis!E5DEE71054D7 | 5600.6569 |
| Microsoft Security Essentials | BrowserModifier:Win32/Shopperz | 1.1.12300.0 |
| Reason Heuristics | Adware.Crossrider.NuosejMimrymkhcaoyCeob.Meta (M) | 15.11.27.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45452 |
| Zillya! Antivirus | Adware.BrowseFox.Win32.155919 | 2.0.0.2534 |

File size:
289.9 KB (296,816 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\groover171120150606\hufmaupruu64.exe

Digital Signature
Authority:
Nuosej Mimrymkhcaoy Ceob

Valid from:
11/17/2015 10:06:25 AM

Valid to:
11/16/2016 10:06:25 AM

Subject:
CN=Ipuiaefcu Iakoge, O=Nuosej Mimrymkhcaoy Ceob, L=Murfep, S=Cihfoewfaeae, C=GB

Issuer:
CN=Ahu Sobbu, O=Nuosej Mimrymkhcaoy Ceob, L=Murfep, S=Cihfoewfaeae, C=GB

Serial number:
01

File PE Metadata
Compilation timestamp:
11/17/2015 10:08:00 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
6144:Gig/1VV8j4eV0WeYoGp5DQjTEg0fk03cf96PBTpNWGhYLFE:Rg/1nbeYGjQCkIc16PBTpn25E

Entry address:
0x1A5A8

Entry point:
48, 83, EC, 28, E8, B3, AC, 00, 00, 48, 83, C4, 28, E9, 42, FE, FF, FF, CC, CC, 48, 85, C9, 0F, 84, 29, 01, 00, 00, 48, 89, 5C, 24, 10, 57, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 49, 38, 48, 85, C9, 74, 05, E8, 60, D3, FF, FF, 48, 8B, 4B, 48, 48, 85, C9, 74, 05, E8, 52, D3, FF, FF, 48, 8B, 4B, 58, 48, 85, C9, 74, 05, E8, 44, D3, FF, FF, 48, 8B, 4B, 68, 48, 85, C9, 74, 05, E8, 36, D3, FF, FF, 48, 8B, 4B, 70, 48, 85, C9, 74, 05, E8, 28, D3, FF, FF, 48, 8B, 4B, 78, 48, 85, C9, 74, 05, E8, 1A, D3, FF, FF, 48, 8B...
 

Code size:
178 KB (182,272 bytes)
