portable+sony+sound+forge_10924_i129833693_il345.exe

AITI Strim CONSULTING, TOV

The application portable+sony+sound+forge_10924_i129833693_il345.exe by AITI Strim CONSULTING, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
AITI Strim CONSULTING, TOV  (signed and verified)

MD5:
5095c2f2f42599c7c4b76759885e032f

SHA-1:
f58857f02130c7602ad5b91e23aae4c490812987

SHA-256:
9f90ee7b5a7ef5d97e627e4c988bbccb45f344d1f9e3d38958c6519e7af807b9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 3:56:10 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.AITIStri (M)

Engine version:
16.6.9.4

File size:
2.1 MB (2,237,472 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\portable+sony+sound+forge_10924_i129833693_il345.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/10/2016 10:00:00 PM

Valid to:
1/10/2017 9:59:59 PM

Subject:
CN="AITI Strim CONSULTING, TOV", OU=IT, O="AITI Strim CONSULTING, TOV", STREET="Bud. 53-55, vul.Pochainynska", L=Kyyiv, S=Kyyiv, PostalCode=04080, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5A7A1CB365BD8EA3567456D3B8166630

File PE Metadata
Compilation timestamp:
1/26/2016 7:02:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:tdMHnIa521ERC/YEwexaaPV+8g9K++Y+FqHu9:tdKnv2Sww4dPVir+iK

Entry address:
0x4A8964

Entry point:
68, 00, 75, F8, 71, E8, 37, 74, E0, FF, E5, B5, 70, 80, EF, E1, A5, 70, 80, 1A, 0D, 94, 70, 80, 4A, 7D, 4E, 8F, 7F, 72, 4B, AC, 70, 80, 17, 25, 16, 8F, 7F, 54, 5E, 0A, 8F, 7F, 7D, 6E, 65, 8F, 7F, 49, 53, 29, 70, 80, 62, 67, 79, 70, 80, 41, 67, A5, 8F, 7F, C3, E5, 93, 8F, 7F, 41, 5A, 8F, 8F, 7F, 21, 20, 5E, 70, 80, 3A, 15, BB, 8F, 7F, B0, 63, 70, 80, 74, 63, C1, 70, 80, 24, 07, 1B, 8F, 7F, 92, 9C, DB, 70, 80, 72, 4D, 8D, 70, 80, 7E, 5C, 1E, 8F, 7F, B9, 7D, 8F, 7F, 53, 6E, 16, 70, 80, D8, FA, 8F, 7F, 84, 89...
 

Code size:
2.1 MB (2,217,984 bytes)