philosophy+of+education+k_10924_i63456645_il345.exe

A4 TOV

The application philosophy+of+education+k_10924_i63456645_il345.exe by A4 TOV has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.

Publisher:
A4 TOV  (signed and verified)

MD5:
6cebe39d5895550acac26d11aa67c89b

SHA-1:
b88766eb9011ebad59a31d559e0049290c651b9f

SHA-256:
53f80515daa87b345d53b360b9616d2726dc8c9a2b84b2a92da26d1a48d28f74

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/13/2024 12:07:03 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.3.8.16

File size:
2.4 MB (2,464,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\philosophy+of+education+k_10924_i63456645_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/16/2015 5:00:00 PM

Valid to:
9/16/2016 4:59:59 PM

Subject:
CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata
Compilation timestamp:
9/24/2015 12:42:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x509FEB

Entry point:
68, 79, E9, 87, FB, E8, AD, C4, DB, FF, 8D, 81, 06, 97, 51, 5A, 57, F9, E8, 7A, 31, 97, 06, 17, 31, EC, 76, F9, E8, B6, C7, E3, F8, 68, CD, AB, C9, 06, 97, 1F, 39, C6, 06, 17, 45, 67, E1, 06, 17, 4F, 3A, 7F, F9, 68, 17, 2B, 12, F9, E8, FD, 15, CB, 06, 17, 54, C1, B2, 06, 97, 2F, CB, 70, F9, 68, F5, F4, 80, 06, 97, A9, 4D, 4D, F9, E8, 03, 97, F8, E8, 1C, 57, 8B, 06, 17, 8B, FF, 97, 06, 97, 9E, 47, 17, 07, 17, 6A, 01, CC, F9, E8, 8D, 1D, B8, F8, E8, DB, 59, 06, 17, AE, 9B, B3, 07, 17, C6, A2, F9, 68, 2C, D8...

Entropy:
7.9871  (probably packed)

Code size:
2.3 MB (2,452,480 bytes)