home

i0.exe

Unchecky

Michael Maltsev

This is a self-extracting archive and installer. The file has been seen being downloaded from www.programosy.pl and multiple other hosts.
Publisher:
RaMMicHaeL  (signed by Michael Maltsev)

Product:
Unchecky

Description:
Unchecky Setup

Version:
0.2.14

MD5:
c033a656ce35abc949e6632698cfcd4b

SHA-1:
bd79cd405606bc27094c89c3ace959ee7771ddad

SHA-256:
e59c2dfdd4220665a2db2497f2b1022a0e8caa720695262185ae2b20e13e9f5d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 4:15:52 AM UTC  (today)

File size:
678.7 KB (694,968 bytes)

Product version:
0.2.14

Copyright:
All rights reserved

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\~un0\i0.exe

Digital Signature
Signed by:
Michael Maltsev

Authority:
StartCom Ltd.

Valid from:
1/3/2014 9:18:37 PM

Valid to:
1/5/2016 12:30:50 AM

Subject:
E=, CN=Michael Maltsev, L=Rishon Le Zion, S=HaMerkaz, C=IL, Description=D4h0qa5viDV589Ed

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0C58

File PE Metadata
Compilation timestamp:
5/5/2014 6:51:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:1vdOwZFcD3vbkQocchHebXg2OBpMBE/mag1yOOP+py8GjWLsnPCVS+a9+gA:1VrO3vwQ2IQ2ipFmL1yOOP+pypjWT6+V

Entry address:
0x4D670

Entry point:
60, BE, 15, 50, 43, 00, 8D, BE, EB, BF, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA]

Code size:
100 KB (102,400 bytes)

The file i0.exe has been discovered within the following programs.

360Amigo System Speedup Free  by 360Amigo
360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
Toolwiz Time Freeze 2014  by ToolWiz
www.Toolwiz.com
About 1% of users remove it
 
Powered by Should I Remove It?

The file i0.exe has been seen being distributed by the following 11 URLs.

http://www.programosy.pl/.../pobierz,unchecky,4.html

http://www.logitheque.com/.../82ec03ca.dl

http://unchecky.com/files/.../unchecky_setup.vtsafe.exe

http://safe.pre-cloud.com:8080/vt.php?q=http://unchecky.com/files/.../unchecky_setup.exe

http://unchecky.com/.../unchecky_setup.vtsafe.exe

http://safe.pre-cloud.com:8080/vt.php?q=http://unchecky.com/.../unchecky_setup.exe

http://external.comss.ru/url.php?url=http://dl4.comss.ru/.../unchecky_setup.exe

http://www.downloadcrew.com/?act=software.download&id=33234&t=1399567821&c=9da8d807a404715f90231ee37be9de757dada231

http://dl.cdn.chip.de/downloads/.../unchecky_setup_0.2.14.exe

http://unchecky.com/files/.../unchecky_setup.exe

http://unchecky.com/.../unchecky_setup.exe

Scan i0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.