{superegy.rar}_10924_i129767028_il345.exe

AITI Strim CONSULTING, TOV

The application {superegy.rar}_10924_i129767028_il345.exe by AITI Strim CONSULTING, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
AITI Strim CONSULTING, TOV  (signed and verified)

MD5:
b1722b93746fc3b35bd25e8c4fcc8fbe

SHA-1:
f789ecb38991704c14cfa906c8ae3dbc815a0616

SHA-256:
70555081d4fe0b03d1f67eb206f7423eb2b326bdfed29b9d429f6bd3392f0c51

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 4:02:55 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.AITIStri (M)

Engine version:
16.5.15.9

File size:
1.9 MB (2,030,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{superegy.rar}_10924_i129767028_il345.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/10/2016 4:00:00 PM

Valid to:
1/10/2017 3:59:59 PM

Subject:
CN="AITI Strim CONSULTING, TOV", OU=IT, O="AITI Strim CONSULTING, TOV", STREET="Bud. 53-55, vul.Pochainynska", L=Kyyiv, S=Kyyiv, PostalCode=04080, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5A7A1CB365BD8EA3567456D3B8166630

File PE Metadata
Compilation timestamp:
1/25/2016 1:22:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:ogzwDB7l8hRfUCT46YgqLk5tGqnM5LBh2yMk:Ql7l8hRf15HqLc7MlBh2vk

Entry address:
0x28C8CB

Entry point:
68, 8F, AE, 36, 4D, E8, 15, 4F, FF, FF, 29, E0, 79, 7B, 4D, 22, AB, 19, 7E, FD, 46, 27, 8D, 79, FF, C0, 1C, 07, 29, 81, C0, 1C, 6A, 43, B8, 3E, E3, 3A, 1C, 67, 3F, E3, E2, 65, 2D, C0, 1C, 5A, F8, 53, C0, 1C, CB, E8, AE, 3F, E3, 96, A6, F5, 3F, E3, FC, 14, 57, 3F, E3, 81, D9, C7, 3F, E3, 21, 1C, BA, C0, 1C, CC, 48, 67, C0, 1C, E4, 74, 92, 6C, 5D, A3, 3F, E3, 9F, C1, C0, 1C, 22, 34, 92, 6C, F9, 98, C0, 1C, 30, 12, C0, 1C, A1, D4, EE, 3E, E3, 46, DB, 3E, E3, 06, DB, 35, C0, 1C, DF, C4, 3E, E3, 38, 1B, CC, D3...
 

Entropy:
7.9718  (probably packed)

Code size:
1.9 MB (2,018,816 bytes)
