ssxaker.exe

ProfitServis LLC

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application ssxaker.exe by ProfitServis has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the ProfitServis Downloader installer.
Publisher:
ProfitServis LLC  (signed and verified)

Version:
1.0.0.0

MD5:
54b62e0baa809901f41fbe51c0d60f67

SHA-1:
6ad6d7f8e393c4830722354280869611e416437d

SHA-256:
b342d74a63a45a3341fe37a8a067b023cd2747646674c8c6be8c79e9c06f23ea

Scanner detections:
19 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/24/2024 3:44:49 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.InstallMonster | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.InstallMonster | 2014.10.02 |
| Avira AntiVirus | TR/Graftor.twaer | 7.11.176.28 |
| avast! | Win32:InstallMonstr-GC [PUP] | 140929-0 |
| AVG | Generic | 2015.0.3334 |
| Clam AntiVirus | Win.Trojan.Agent-785465 | 0.98/19465 |
| Dr.Web | Trojan.InstallMonster.964 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallMonstr.FO potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-4193a7fa | v6.4.7.1.166 |
| G Data | Win32.Application.InstallMon | 14.12.24 |
| IKARUS anti.virus | Trojan.Graftor | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13550 |
| NANO AntiVirus | Trojan.Win32.InstallMonster.dewatt | 0.28.2.62440 |
| Norman | InstallMonstr.S | 11.20141002 |
| Reason Heuristics | PUP.ProfitServis.H | 14.10.2.6 |
| Sophos | Install Monster | 4.98 |
| Vba32 AntiVirus | Trojan.MSIL.Zapchast | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 34232 |
| Zillya! Antivirus | Trojan.TDSS.Win32.40796 | 2.0.0.1940 |

File size:
3.2 MB (3,331,424 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
ProfitServis Downloader

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/21/2014 4:00:00 AM

Valid to:
5/22/2015 3:59:59 AM

Subject:
CN=ProfitServis LLC, O=ProfitServis LLC, L=Village of Kommunar, S="Kharkiv District, Kharkiv Region", C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
259670E42586FCE460513727E39AB7DF

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:bKQxqkl3fFogVaR5qKH7Ds6GhGrfpZgxv2n+7fAn8MAtwltcODYGw3jrOxJVe0:lqEoWfe2ybTgAn94wlt/DG3jrOxh

Entry address:
0x5C1420

Entry point:
60, BE, 00, 50, 75, 00, 8D, BE, 00, C0, CA, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Packer / compiler:
UPX 2.90LZMA

Code size:
2.4 MB (2,543,616 bytes)
