» sprotector_x86_x64.exe
Overview
Analysis
File Details

sprotector_x86_x64.exe

The application sprotector_x86_x64.exe has been detected as adware by 23 anti-malware scanners. Also know as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running as well as block changes to the search page and provider. It is also typically executed from an Internet Explorer cache folder.

File name:

MD5:

8490cb09ab9d0fffa8ca125c41bcf95a

SHA-1:

e93057ab8e73cdead84677cd09facf6ec7124964

SHA-256:

02a7d3b17a0c34bfc3041a1f488b293ecb800f85c63cf0d153436e51a4ca0de1

Scanner detections:

23 / 68

Status:

Adware

Explanation:

This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Analysis date:

4/24/2024 9:11:56 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Symmi.38680

890

AhnLab V3 Security

Trojan/Win32.Generic

2014.08.29

AVG

Trojan horse Dropper.Generic_r.AA

2014.0.4015

Baidu Antivirus

Trojan.Win32.SProtector

4.0.3.14829

Bitdefender

Gen:Variant.Adware.Symmi.38680

1.0.20.1205

Comodo Security

Application.Win32.Preload.A

19348

Dr.Web

Trojan.WebPick.1160

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Symmi.38680

9.0.0.4324

ESET NOD32

Win32/SProtector.D potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/Agent

8/29/2014

F-Prot

W32/Preloader.C.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Symmi.38680

11.2014-29-08_6

G Data

Gen:Variant.Adware.Symmi.38680

14.8.24

IKARUS anti.virus

AdWare.Bprotector

t3scan.1.7.5.0

McAfee

Generic-FAOD!8490CB09AB9D

5600.7024

MicroWorld eScan

Gen:Variant.Adware.Symmi.38680

15.0.0.723

Panda Antivirus

Trj/Genetic.gen

14.08.29.02

Quick Heal

Trojan.Sisproc.A5

8.14.14.00

Reason Heuristics

Adware.sProtector.S

14.8.29.1

Sophos

Mal/Drop-AVTZ

4.98

Vba32 AntiVirus

BScope.Malware-Cryptor.SProtector

3.12.26.3

VIPRE Antivirus

Threat.4845111

32210

Zillya! Antivirus

Trojan.Agent.Win32.450969

2.0.0.1905

File size:

4.5 MB (4,767,744 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sprotector_x86_x64.exe

File PE Metadata

Compilation timestamp:

2/4/2014 3:47:26 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

98304:FdvyhJ+GbhUOa586ob9sm0ffjenduWWtJQqyXketAM8l1e4A:FU+cX56oafDht5NM8l8h

Entry address:

0x537AC

Entry point:

E8, 05, B1, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, 92, 48, 00, E8, DE, 4E, 00, 00, E8, E6, 24, 00, 00, 0F, B7, F0, 6A, 02, E8, 98, B0, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 3D, 4B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

499 KB (510,976 bytes)

Remove sprotector_x86_x64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.