personalshopper_190326_197028631_116873_coreg_aff.exe

Sono Control Inc

The application personalshopper_190326_197028631_116873_coreg_aff.exe by Sono Control Inc has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.

Publisher:
Sono Control Inc  (signed and verified)

MD5:
4354676ed8c83f6bbc6f6cdad990a996

SHA-1:
59f958a2bad480a3b4d99f82a9a88f6ad100d65f

SHA-256:
3aea1e6f269c760c67fe0b5b48cbe6edddd6ad088812a6aa2350e23d590e23a4

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 7:47:51 PM UTC

Scan engine             Detection                             Engine version
Avira AntiVirus         Adware/PersonalShopper.B.3            7.11.94.120
avast!                  NSIS:Adware-AX [PUP]                  2014.9-151126
Bitdefender             Adware.PersonalShopper.B              1.0.20.1650
Dr.Web                  Trojan.StartPage.21735                9.0.1.0330
Emsisoft Anti-Malware   Adware.PersonalShopper                8.15.11.26.04
ESET NOD32              Win32/Adware.RK                       9.8639
F-Secure                Adware.PersonalShopper.B              11.2015-26-11_5
G Data                  Adware.PersonalShopper                15.11.22
McAfee                  Artemis!4354676ED8C8                  5600.6569
MicroWorld eScan        Adware.PersonalShopper.B              16.0.0.990
Norman                  Downloader                            11.20151126
nProtect                Adware.PersonalShopper.B              13.08.02.03
Panda Antivirus         Suspicious file                       15.11.26.04
Reason Heuristics       PUP.SonoControl.Installer (M)         15.11.26.16
Trend Micro House Call  TROJ_GEN.RCBH1B2                      7.2.330
Vba32 AntiVirus         suspected of Trojan.Downloader.gen.h  3.12.22.3

File size:
165.9 KB (169,880 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\personalshopper_190326_197028631_116873_coreg_aff.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/12/2010 4:12:52 PM

Valid to:
11/12/2011 4:12:52 PM

Subject:
CN=Sono Control Inc, O=Sono Control Inc, L=bellevue, S=WA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
046D6D36885CC9

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:ZgXdZt9P6D3XJ245Jng/uOQ4VJLxKcnX4b98mBzXGpSgtnqPS54nXi:Ze34o6ncuhwJN3WPJsSvPS5uS

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.7378

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)