home

SpyProtector.exe

Spy Protector

A. & M. Neuber Software

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Spy Protector’.
Publisher:
Neuber Software - www.neuber.com  (signed by A. & M. Neuber Software)

Product:
Spy Protector

Version:
1.8.0.0

MD5:
7e835783182380d4ede261ac73d9ea9c

SHA-1:
147313553664d506c0359f418af0894325b11f21

SHA-256:
5da913f97625282d043aa5b08751f313637443728185bfc14d684c41020fcbdf

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/20/2024 1:13:48 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.StartPage
7.1.1

Clam AntiVirus
Win.Trojan.Startpage-4412
0.98/21511

McAfee
Artemis!7E8357831823
5600.6231

Norman
Startpage.CARN
11.20161029

File size:
137.3 KB (140,616 bytes)

Product version:
1.8.0.0

Copyright:
Copyright (c) 2002-2010 www.neuber.com

Original file name:
SpyProtector.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\security task manager\spyprotector.exe

Digital Signature
Signed by:
A. & M. Neuber Software

Authority:
VeriSign, Inc.

Valid from:
3/10/2009 8:00:00 AM

Valid to:
5/1/2012 7:59:59 AM

Subject:
CN=A. & M. Neuber Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=A. & M. Neuber Software, L=Halle, S=Sachsen-Anhalt, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
698F88B8EDBF6E6760C0449CBFD1AA79

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:VhSL9o7v9q8Y0n86ijNvMKcz3ZujW7mH3LV:VhSL9opbY7wDZuEm

Entry address:
0x15BF8

Entry point:
55, 8B, EC, 83, C4, EC, 53, 56, 57, 33, C0, 89, 45, EC, B8, 30, 5B, 41, 00, E8, 70, 00, FF, FF, BE, F0, 79, 41, 00, BF, 0C, 7A, 41, 00, 33, C0, 55, 68, A8, 5D, 41, 00, 64, FF, 30, 64, 89, 20, 6A, 01, E8, 95, 5E, FF, FF, 33, C0, E8, F2, FB, FF, FF, 6A, 00, 68, B8, 5D, 41, 00, E8, 82, 03, FF, FF, 8B, D8, 85, DB, 74, 4D, 53, E8, 36, 04, FF, FF, 6A, 18, 6A, 00, 68, 00, 04, 00, 00, 53, E8, EF, 03, FF, FF, 68, FF, FF, 00, 00, E8, CD, 03, FF, FF, 6A, 40, 68, B8, 5D, 41, 00, 8D, 4D, EC, BA, D0, 5D, 41, 00, B8, E6...
 
[+]

Entropy:
6.4075

Developed / compiled with:
Microsoft Visual C++

Code size:
83.5 KB (85,504 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Spy Protector

Command:
C:\Program Files\security task manager\spyprotector.exe \autostart


Scan SpyProtector.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.