» openwith enhanced 1 15 06-04-14.exe
Overview
Analysis
File Details

openwith enhanced 1 15 06-04-14.exe

LLC IT Management

The application openwith enhanced 1 15 06-04-14.exe by LLC IT Management has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Publisher:

LLC IT Management (signed and verified)

MD5:

c26cc5cfb256af72294ec158e170c12e

SHA-1:

e1252d2dc76fb48db07e6e41ec37a189a0edc433

SHA-256:

9d7809d71ac59cab598f6f4c43e346b9f557f27235c32d524f73e0783113f6a0

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/18/2024 12:50:55 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ITManagement (M)

15.11.15.18

File size:

492.9 KB (504,712 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\openwith enhanced 1 15 06-04-14.exe

Digital Signature

Signed by:

LLC IT Management

Authority:

COMODO CA Limited

Valid from:

6/2/2014 3:00:00 AM

Valid to:

6/3/2015 2:59:59 AM

Subject:

CN=LLC IT Management, O=LLC IT Management, STREET=Bagritskogo 51/2, L=Moscow, S=Moscovskaya oblast, PostalCode=121471, C=RU

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2E9D66F88B13880A37872C17A2E17029

File PE Metadata

Compilation timestamp:

6/3/2014 10:39:41 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

31.23

CTPH (ssdeep):

12288:dBo8GJeZHZE6jvcHR1XTfeV1yj4gIuIFEx:T1ZHq61klIFe

Entry address:

0x3BE3

Entry point:

13, 54, 24, 08, C1, FE, 00, C1, E5, 0E, C1, FF, 1E, 85, 25, 9B, 02, 41, 00, 89, EE, 90, C1, FE, 13, 41, 31, FE, 11, E6, 13, 74, 24, 08, C1, E7, 1C, C1, E7, 17, 47, 4B, C1, E1, 1F, 81, D3, D0, 8D, 9F, 16, C1, CF, 11, F7, D2, 33, 54, 24, 10, F5, C1, E0, 03, 11, C7, 33, 4C, 24, 10, FC, 87, FA, 09, F9, 2B, 05, 1A, 51, 43, 00, 8B, 7C, 24, EC, 11, D8, 85, 74, 24, FC, 45, C1, ED, 05, F7, D2, C1, FA, 15, F7, 44, 24, FC, A1, 82, 70, 65, 81, 7C, 24, EC, A4, 1E, 06, E2, 03, 44, 24, EC, 87, E9, C1, E1, 0D, 87, FA, C1... 
[+]

Code size:

370.5 KB (379,392 bytes)

Remove openwith enhanced 1 15 06-04-14.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.