» srv3697.exe
Overview
Analysis
File Details

srv3697.exe

win32exe

The application srv3697.exe, “win32exe installer” has been detected as a potentially unwanted program by 26 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

srv3697.exe

Product:

win32exe

Description:

win32exe installer

Version:

1.0.9.235

MD5:

2f7703256a6df085e02d151193b84f76

SHA-1:

e74c5f5e3d461cee121faa586dfa438b52805ee1

SHA-256:

a48cb4bdf92b9c371a3fd03919310450e0a3d3b32ec18343376266307b318934

Scanner detections:

26 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 4:12:15 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Dropper.123

5575765

Agnitum Outpost

PUA.Amonetize

7.1.1

AhnLab V3 Security

PUP/Win32.Amonetiz

2015.05.29

Avira AntiVirus

TR/Crypt.ZPACK.Gen2

8.3.1.6

avast!

Win32:Amonetize-HO [PUP]

150525-2

AVG

Adware Generic_r.YL

2014.0.4311

Baidu Antivirus

PUA.Win32.Amonetize

4.0.3.15528

Bitdefender

Gen:Variant.Adware.Dropper.123

1.0.20.740

Bkav FE

HW32.Packed

1.3.0.6379

Emsisoft Anti-Malware

Gen:Variant.Adware.Dropper.123

10.0.0.5366

ESET NOD32

Win32/Amonetize.CH potentially unwanted application

7.0.302.0

F-Prot

W32/S-4285b06d

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Dropper

5.14.151

G Data

Gen:Variant.Adware.Dropper.123

15.5.25

Kaspersky

UDS:DangerousObject.Multi.Generic

14.0.0.1971

Malwarebytes

PUP.Optional.Amonetize

v2015.05.28.05

MicroWorld eScan

Gen:Variant.Adware.Dropper.123

16.0.0.444

NANO AntiVirus

Trojan.Win32.KillFiles.dkyxck

0.30.24.1636

Norman

Gen:Variant.Graftor.166062

03.12.2014 13:20:04

Panda Antivirus

Trj/Genetic.gen

15.05.28.05

Reason Heuristics

Threat.Win.Reputation.IMP

15.5.28.13

Sophos

Amonetizer

4.98

SUPERAntiSpyware

Adware.Amonetize/Variant

9848

Vba32 AntiVirus

AdWare.Amonetize

3.12.26.4

VIPRE Antivirus

Threat.4439742

40552

Zillya! Antivirus

Backdoor.Klon.Win32.1610

2.0.0.2193

File size:

949 KB (971,776 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\srv3697.exe

File PE Metadata

Compilation timestamp:

12/9/2014 11:46:49 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:xTK/TqsC1m6UB6ClqJuu0gJjSp77v/iyTd9Wrynl7:R4TqsC1mECM8Zg2vvzTn8y

Entry address:

0xE294

Entry point:

E8, 7B, 78, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 7C, 0F, 33, 00, FF, 15, C4, 80, 32, 00, 85, C0, 75, 18, 56, E8, 8D, 2F, 00, 00, 8B, F0, FF, 15, 24, 80, 32, 00, 50, E8, 3D, 2F, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, AA, E2, FF, FF, C7, 06, 1C, 8C, 32, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 1C, 8C, 32, 00, E9, EE, E2, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 1C, 8C, 32, 00, E8, DB, E2, FF, FF... 
[+]

Entropy:

7.8689 (probably packed)

Code size:

153 KB (156,672 bytes)

Remove srv3697.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.