test+questions+in+araling_10924_i63593535_il345.exe

Maxthon Cloud Portable

A4 TOV

The application test+questions+in+araling_10924_i63593535_il345.exe, “Maxthon Cloud Portable (PortableApps.com Launcher)” by A4 TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
PortableApps.com  (signed by A4 TOV)

Product:
Maxthon Cloud Portable

Description:
Maxthon Cloud Portable (PortableApps.com Launcher)

Version:
2.2.0.0

MD5:
eb587d3fee8b8f13bd1332310dcd9265

SHA-1:
4f89bb3cdb2d4c6c7290e08001ecb28b21be9bce

SHA-256:
a3679e1227b4909e021c15bc58b7b8584cda3d6560576ba6cd83152d8afaaf81

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/12/2024 1:04:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.3.14.9

File size:
2.4 MB (2,477,024 bytes)

Product version:
2.2.0.0

Copyright:
PortableApps.com

Trademarks:
PortableApps.com is a Trademark of Rare Ideas, LLC.

Original file name:
MaxthonPortable.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\other downloads\test+questions+in+araling_10924_i63593535_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/17/2015 8:00:00 AM

Valid to:
9/17/2016 7:59:59 AM

Subject:
CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata
Compilation timestamp:
9/25/2015 2:12:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x5012D0

Entry point:
68, E3, 46, 78, 72, E8, DF, 1E, DC, FF, 00, 00, 47, 65, 74, 43, 6F, 6E, 73, 6F, 6C, 65, 43, 50, 00, 68, 37, 91, 7D, 72, E8, C6, 1E, DC, FF, 00, 00, 00, 47, 65, 74, 50, 61, 72, 65, 6E, 74, 00, 36, C3, 10, 9B, C2, CC, 55, EF, 64, 82, 5A, 11, EF, 64, DF, 0A, D2, 10, 1B, A0, 19, 81, 10, 9B, 8B, D5, 5F, EF, E4, 16, 20, 11, EF, E4, D7, 05, EF, EF, 64, AE, 8B, 6E, 10, 9B, 68, 0B, 47, 10, 9B, 2E, 27, 0E, 10, 9B, 35, 62, B2, EF, E4, 46, 7F, 8B, EF, E4, 68, DC, 03, 10, 9B, 0D, 41, E3, EF, 64, F9, 3D, EF, E4, 98, 40...

Entropy:
7.9832  (probably packed)

Code size:
2.3 MB (2,442,240 bytes)