home

prototype_1_ndir_full.exe

MEDIADATUM

The application prototype_1_ndir_full.exe by MEDIADATUM has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from doc-0o-3o-docs.googleusercontent.com.
Publisher:
CCO Ltd  (signed by MEDIADATUM)

Version:
3.23.5.110m

MD5:
f6a237d873247b1db672080aad6fb8e5

SHA-1:
f51e15d9583ca28c144bd0967b24cd26ec4ad24a

SHA-256:
531b13e90bc5731a442ba8c8b08068d55688075258f19f5a7168c5d226751737

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 8:09:49 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.ICLoader (M)
16.7.30.8

File size:
4 MB (4,236,360 bytes)

Product version:
3.23.5.110m

Original file name:
CCo.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\prototype_1_ndir_full.exe

Digital Signature
Signed by:
MEDIADATUM

Authority:
COMODO CA Limited

Valid from:
7/27/2016 3:00:00 AM

Valid to:
7/28/2017 2:59:59 AM

Subject:
CN=MEDIADATUM, O=MEDIADATUM, STREET="Bulvar Gagarina, 22, 51", L=Bryansk, S=RU, PostalCode=241050, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E8068AFB7BA7404BA55FD0DD85326964

File PE Metadata
Compilation timestamp:
7/29/2016 3:43:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:uBsYSmZIVN/d+Zz/Z4MfN4K84nSC1OywFpHkl+FlS2Sik0AlRO6UBF5mnR+fvbaj:tFmZYN2z5feK84lNwFNkKlSak7O6Ub52

Entry address:
0x3EAECC

Entry point:
55, 8B, EC, 6A, FF, 68, 58, 3B, 7F, 00, 68, EC, BD, 7E, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, DC, F0, 7E, 00, 33, D2, 8A, D4, 89, 15, 9C, 56, 7F, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 98, 56, 7F, 00, C1, E1, 08, 03, CA, 89, 0D, 94, 56, 7F, 00, C1, E8, 10, A3, 90, 56, 7F, 00, 33, F6, 56, E8, 6A, 0D, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 35, 0A, 00, 00, FF, 15, D8, F0, 7E, 00, A3, B8, 6B, 7F, 00, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
3.9 MB (4,119,552 bytes)

The file prototype_1_ndir_full.exe has been seen being distributed by the following URL.

https://doc-0o-3o-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/b4fad02spf2ciitsgn2pguqi9pk4ms82/1469793600000/12922154676549688197/.../0BwB3_FJIwbjbMUd5amkyaG9wbkU?e=download

Remove prototype_1_ndir_full.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.