rovua5bc.exe

is

Scan rovua5bc.exe - Powered by Reason Core Security
Publisher:
is

Product:
is

Description:
data dedicated

Version:
refers the

MD5:
074fdbec16dcf4bc211b27f64c3512ae

SHA-1:
56d02cbacbe50e3d87dc642c1aca2aa945ec1557

SHA-256:
dd99b8f1485d87664f15cf21df7f3f2a45f5de4c4631ac29cde4fc4bfc8802ef

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/8/2016 5:13:49 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Dropper/Win32.Preloader
2014.06.10

ESET NOD32
Win32/AdWare.MultiPlug (variant)
8.9921

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious.H
7.7103

File size:
672.5 KB (688,640 bytes)

Product version:
is

Copyright:
Copyright (C) 2013

Original file name:
data dedicated

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\save oonn\rovua5bc.exe

File PE Metadata
Compilation timestamp:
6/10/2014 7:04:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:WrTM/gicAi2TWQgOt7JOOkDPcl/nSEDQYRCrbB0yyMfFsHC:WrwYicAi2TW1OtNOOvFnXDTRCVyMFSC

Entry address:
0x5832E

Entry point:
E8, B9, 4B, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 3B, 47, 00, E8, DC, 15, 00, 00, E8, C0, 32, 00, 00, 0F, B7, F0, 6A, 02, E8, 4C, 4B, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2D, 45, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
413 KB (422,912 bytes)

The file rovua5bc.exe has been discovered within the following programs.

CostMin  by Engaging Apps
CostMin is an adware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program run as a Browser Helper Object.
costmin.info
86% remove it
MySearch  by InstalleRex-WebPick
MySearch is an adware browser extension that will display banner and text-context link ads aimed to promote the installation of additional questionable content including web browser toolbars, optimization utilities and other products.
justplug.it
83% remove it
YoutubeAdblocker  by Artur Kozak
This is a variant of the SK.Enhancer trojan hijacker which will modify the web browser search and home pages as well as download additional software from givemefilesnow.info (and other sites).
topyoutubeadblocker.info
84% remove it
 
Powered by Should I Remove It?

Scan rovua5bc.exe - Powered by Reason Core Security