» metainstaller_aartemis_2013111118266.exe
Overview
Analysis
File Details
Downloads (1)

metainstaller_aartemis_2013111118266.exe

metainstaller_aartemis

Skytouch Technology Co., Limited

The application metainstaller_aartemis_2013111118266.exe by Skytouch Technology Co., Limited has been detected as adware by 3 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from download.instcdn.com.

File name:

Publisher:

Skytech Co., Ltd. (signed by Skytouch Technology Co., Limited)

Product:

metainstaller_aartemis

Description:

Skytech

Version:

3.0.2.3001

MD5:

11d129402b3e6c653359c7d0ae46c14c

SHA-1:

c71493a0ac1ca829fdd0bb34f7e79aab87b830f7

SHA-256:

7ce18cdb566dc2daeb97990fe8b0a2c1ea5f118f7862b743c801d8a85d50492f

Scanner detections:

3 / 68

Status:

Adware

Analysis date:

5/17/2024 1:26:45 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Mutabaha.41

9.0.1.0364

Malwarebytes

PUP.Optional.Aartemis.A

v2013.12.30.07

Reason Heuristics

PUP.Installer.SkytouchTechnologyCoLimited.e

14.3.20.14

File size:

551.1 KB (564,376 bytes)

Product version:

3.0.2.3001

Original file name:

Main.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\metainstaller_aartemis_2013111118266.exe

Digital Signature

Signed by:

Skytouch Technology Co., Limited

Authority:

GlobalSign nv-sa

Valid from:

10/24/2013 7:52:17 AM

Valid to:

7/9/2014 10:29:59 AM

Subject:

CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112192933BC5C496F760FA568CA9D16C72F2

File PE Metadata

Compilation timestamp:

11/7/2013 8:14:06 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:RYY8dpM3tsr3OaWCAcftf+mCl2oPsV/NZpTBLRsumzRdglpMOL2vNR:i7pM3tsfmL2oPsV/r3u/mvL2v

Entry address:

0x301F9

Entry point:

E8, D6, BB, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 77, 6F, 53, 57, A1, 10, 88, 46, 00, 85, C0, 75, 1D, E8, 7A, 91, 00, 00, 6A, 1E, E8, D0, 91, 00, 00, 68, FF, 00, 00, 00, E8, 47, 43, 00, 00, A1, 10, 88, 46, 00, 59, 59, 85, F6, 74, 04, 8B, CE, EB, 03, 33, C9, 41, 51, 6A, 00, 50, FF, 15, 38, 01, 45, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5B, 39, 05, 28, 8A, 46, 00, 74, 0D, 56, E8, D7, 6C, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 32, 11, 00, 00, 89, 18, E8, 2B, 11, 00, 00, 89, 18, 8B... 
[+]

Code size:

315 KB (322,560 bytes)

The file metainstaller_aartemis_2013111118266.exe has been seen being distributed by the following URL.

http://download.instcdn.com/xmlcdn/.../metainstaller_aartemis_2013111118266.exe

Remove metainstaller_aartemis_2013111118266.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.