so what.exe

LLC ITC

The application so what.exe by LLC ITC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from forces.my-forload.ru.
Publisher:
LLC ITC  (signed and verified)

MD5:
d0add28db7049ae5c2de8ef0d20ec234

SHA-1:
d2c884a255830eb4fcb63a54cb6a80b8d477e792

SHA-256:
18d841b74a99c7172b86be9e46d35f18885f1a890fbcbe9de56fe84d4b134e23

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/27/2024 11:59:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.24.4

File size:
441.4 KB (451,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\so what.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/26/2014 10:00:00 AM

Valid to:
6/27/2015 9:59:59 AM

Subject:
CN=LLC ITC, O=LLC ITC, STREET=Vvedenskogo 11/3, L=Moscow, S=Moscow oblast, PostalCode=117342, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F4DBD55156EE0DAFED4BAB130328504E

File PE Metadata
Compilation timestamp:
7/13/2014 10:22:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.29

Entry address:
0x84BC

Entry point:
81, E2, 18, 4F, 94, 52, 1B, 74, 24, 10, C1, DF, 06, 1B, 6C, 24, EC, 2B, 6C, 24, F4, 0B, 74, 24, 10, 45, 39, D8, 2B, 7C, 24, F8, 81, E6, 9E, 70, 7C, 6D, 0B, 74, 24, F4, D1, D3, C1, DD, 03, C1, DB, 18, C1, E2, 09, 19, F8, FD, C1, EE, 11, F5, 11, F7, C1, E9, 14, 23, 44, 24, 04, 46, C1, E1, 1F, F5, C1, D0, 18, F7, 04, 24, 43, C6, CF, 89, 33, 3D, F8, 79, 41, 00, 23, 44, 24, 10, 4F, 13, 4C, 24, 0C, 41, C1, C6, 1E, 89, D2, B9, BB, 8E, F2, 8C, 09, E2, F7, D2, FD, F7, D0, 81, 7C, 24, 04, 78, 40, 9B, 42, C1, ED, 05...
 

Code size:
376 KB (385,024 bytes)

The file so what.exe has been seen being distributed by the following URL.

http://forces.my-forload.ru/NTM2NTtodHRwJTNBJTJGJTJGenZ1a29mZi5ydSUyRmRvd25sb2FkJTJGMTg3MzA3O25hbWU9U28rV2hhdDtzaXplPTUyMTE0MjM7dHlwZT1hdWRpbw==
