keywordfirebreather 2010 720p downloader__3687_i1504661006_il1326441.exe

LLC

The application keywordfirebreather 2010 720p downloader__3687_i1504661006_il1326441.exe by LLC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
LLC   (signed and verified)

Version:
1.1.5.26

MD5:
9291c91a57409eb0849aa192b2297e33

SHA-1:
09d2d7b65b75d1199148d39e9fe7bb3b409a03a0

SHA-256:
9e817d2617a3842ca0b844a562e525f3409a617042818d8b296c1eea57ea5ddc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/3/2024 11:36:39 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize.Installer

Engine version:
17.2.17.22

File size:
1.3 MB (1,388,048 bytes)

Product version:
1.1.5.26

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\uc saved\keywordfirebreather 2010 720p downloader\keywordfirebreather 2010 720p downloader__3687_i1504661006_il1326441.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/23/2015 5:30:00 AM

Valid to:
2/24/2016 5:29:59 AM

Subject:
CN="LLC ""HALKON PLYUS""", O="LLC ""HALKON PLYUS""", STREET="Brody, house 60", L=Ternopil, S=Ternopilska, PostalCode=46010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DB146CEBBA591269C2AFDE437524C41C

File PE Metadata
Compilation timestamp:
4/26/2015 6:30:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0xBC15B

Entry point:
E8, A5, 0A, 01, 00, E9, 89, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 44, C2, 51, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 44, C2, 51, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 

Entropy:
5.9244

Packer / compiler:
PEQuake V0.06

Code size:
989 KB (1,012,736 bytes)