notification.exe

Qtrax Inc

The application notification.exe by Qtrax Inc has been detected as a potentially unwanted program by 3 anti-malware scanners. It is a setup program used to install the application. The file has been observed being downloaded from content.qtrax.com.
Publisher:
Qtrax Inc  (signed and verified)

MD5:
7701d2610e75f296a6a491ecfdf1ec60

SHA-1:
ee8507029e9f5bc2f8c2390611307ceb0b456873

SHA-256:
07780857bc773bf084d9c41f992911ba721ff93b56cbac9721bbf0a01de3eb18

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 10:46:27 AM UTC

Scan engine | Detection | Engine version
Dr.Web | DLOADER.Trojan | 9.0.1.0253
Norman | Malware | 11.20140910
Reason Heuristics | PUP.Optional.Qtrax.M | 14.9.10.15

File size:
97.3 KB (99,624 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\notification.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
7/31/2012 5:51:42 PM

Valid to:
5/14/2014 8:39:01 PM

Subject:
CN=Qtrax Inc, O=Qtrax Inc, L=New York, S=NY, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B85B70415878A

File PE Metadata
Compilation timestamp:
7/5/2013 3:17:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:nInZYPmhSuYdp9RMTMjpNvIuuAc+hLDrjMcLGnDFbPM5j9HZNyxjMtMw:nInZYPVuw/IuuAcAjMC8cJ3yxjMt

Entry address:
0x6950

Entry point:
E8, 50, 64, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 60, 74, 41, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 1C, 61, 41, 00, 33, C5, 89, 45, FC, 53, 8B, 5D, 08, 57, 83, FB, FF, 74, 07, 53, E8, B2, 64, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, AA, E6, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8...
 

Code size:
68 KB (69,632 bytes)

The file notification.exe has been seen being distributed by the following URL.
