RidSpywareShield.exe

Rid Spyware

Crawler, LLC

The application RidSpywareShield.exe, “Rid Spyware Realtime Shield” by Crawler, has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘RidSpywareShield’.
Remove RidSpywareShield.exe - Powered by Reason Core Security
Publisher:
Crawler.com  (signed by Crawler, LLC)

Product:
Rid Spyware

Description:
Rid Spyware Realtime Shield

Version:
1.1.0.11

MD5:
0ee8f147d0153509e644c6bfdd04543a

SHA-1:
2ae794d8329bff7b80d17145472de937a590c60b

SHA-256:
8fe7b826eab882345ab4419cb934a3dfab895e8ac38932665c9e5cecd7e16faa

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/5/2016 11:50:51 PM UTC

Scan engine:
CMC Antivirus

Detection:
Packed.Win32.Obfuscated.10!O

Engine version:
1.1.0.977

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.Crawler.Q

Engine version:
14.8.8.2

File size:
3.7 MB (3,871,616 bytes)

Product version:
1.1.0.0

Copyright:
© Crawler.com

Original file name:
RidSpywareShield.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\rid spyware\ridspywareshield.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 4:00:00 PM

Valid to:
1/25/2017 3:59:59 PM

Subject:
CN="Crawler, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crawler, LLC", L=Boca Raton, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48E3A7F6CBA47D0C3FCD17CF81AB3F76

File PE Metadata
Compilation timestamp:
12/5/2013 5:41:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:zrWktrZNfvTZpj7HIJHP3VE35WjSsiTIjsjLWhA0rX+hTqQU064BWhCeGCw:ByHP3VXjsjL74+G41ePw

Entry address:
0x20274C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 74, 70, 5F, 00, E8, 7C, 95, E0, FF, E8, 67, 41, FF, FF, E8, 4E, 4F, E0, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
6.0036

Developed / compiled with:
Microsoft Visual C++

Code size:
2 MB (2,100,736 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
RidSpywareShield

Command:
C:\Program Files\rid spyware\ridspywareshield.exe
