home

pleasewait.exe

AutoPlay Menu Builder

Linasoft

It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
Linasoft

Product:
AutoPlay Menu Builder

Description:
AutoPlay Menu Loader

Version:
2012.10.17.1

MD5:
d702f3d1f591668679384c5c37c4fcb3

SHA-1:
7a2d34ecbc811246685ed1a6bd7e0b2c90210fb1

SHA-256:
5167ab7f7736af27e237ddf39da221f97f525c77da476eba1909504d936fedc2

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/26/2024 7:51:16 AM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.131220

Trend Micro House Call
TROJ_GEN.F47V0818
7.2.61

File size:
1.5 MB (1,569,280 bytes)

Product version:
6.0

Copyright:
Copyright (C) 2002-2010, Linasoft. All Rights Reserved.

Trademarks:
AutoPlay Menu Loader

Original file name:
autorun.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ui\pleasewait.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:XnyH50JIUwHdnJj77diUvq/Ph8eMpZTuDYjsRSHhKDCs6taaGdTgzc7/3P0HBi5H:Xnq9JLg/P6j18Cs6czTiA/cBi5g

Entry address:
0x122EC8

Entry point:
55, 8B, EC, B9, 0B, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, C8, 27, 52, 00, E8, F7, 4A, EE, FF, 33, C0, 55, 68, 7F, 3A, 52, 00, 64, FF, 30, 64, 89, 20, B8, 28, 25, 52, 00, E8, 97, EA, EE, FF, A1, F8, BD, 52, 00, C6, 00, 00, E8, 0E, 05, EE, FF, E8, E9, 03, F1, FF, A1, 8C, BF, 52, 00, 8B, 00, E8, D1, 93, F4, FF, A1, 8C, BF, 52, 00, 8B, 00, BA, 98, 3A, 52, 00, E8, A8, 8F, F4, FF, 8B, 0D, C4, BD, 52, 00, A1, 8C, BF, 52, 00, 8B, 00, 8B, 15, 84, 16, 52, 00, E8, C0, 93, F4, FF, B2, 01, A1, 80...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.1 MB (1,190,912 bytes)

Scheduled Task
Task name:
{3F87F64C-3F82-45C0-AB06-C9EBA24275BA}

Trigger:
Registration (Runs on registration)


Scan pleasewait.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.