TheAM.exe

TheAM

Qzoneinteractive

The application TheAM.exe by Qzoneinteractive has been detected as a potentially unwanted program by 15 anti-malware scanners. It is set to start automatically when a user logs into Windows, through an entry in the current user's Run registry key under the name ‘tamgrd’. This file is typically installed with the program Micro theam secure softwear profile by Micro Theam Corporation.
Publisher:
Qzoneinteractive  (signed and verified)

Product:
TheAM

Description:
TheAM

Version:
1, 0, 0, 1

MD5:
7081b9d15e1646d9f70d9280460b7d2c

SHA-1:
2c1e23f50c9ee08b0e62b0313903a38ff9805b81

SHA-256:
3d7cddfc448b91cb5fb556ccc2cb1a3c13947025bb2c312b55bfcf6cc7aa101b

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 9:11:30 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.75892 | 364 |
| AVG | Generic | 2017.0.2842 |
| Bitdefender | Gen:Variant.Strictor.75892 | 1.0.20.185 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.75892 | 8.16.02.06.02 |
| F-Secure | Gen:Variant.Strictor.75892 | 11.2016-06-02_7 |
| G Data | Gen:Variant.Strictor.75892 | 16.2.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.9.0 |
| McAfee | Artemis!AED0669D20B5 | 5600.6498 |
| MicroWorld eScan | Gen:Variant.Strictor.75892 | 17.0.0.111 |
| Reason Heuristics | PUP.Qzoneinteractive (M) | 16.2.6.2 |
| Trend Micro House Call | TROJ_GEN.R047H09D215 | 7.2.37 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40356 |
| ViRobot | Adware.TheAm.234504[h] | 2014.3.20.0 |

File size:
308.5 KB (315,928 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2013

Original file name:
TheAM.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\theam\common\bin\theam.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/3/2012 9:00:00 AM

Valid to:
12/4/2013 8:59:59 AM

Subject:
CN=Qzoneinteractive, OU=EC Team, O=Qzoneinteractive, L=Gwangjin-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7F237568BB838B3E163705A7365EEC19

File PE Metadata
Compilation timestamp:
11/12/2013 2:46:29 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:HuLYLqVbSGn2csgKDSYoEF5jIjym5jsqZNbLuCXMLags69als:Hz+Vr3yojym5jssvMLagsdG

Entry address:
0x29507

Entry point:
E8, 3E, 57, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, C6, 05, 00, 00, 3B, 0D, 58, 71, 44, 00, 75, 02, F3, C3, E9, B5, 57, 00, 00, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6...
 

Entropy:
6.3303

Code size:
236 KB (241,664 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
tamgrd

Command:
C:\users\{user}\appdata\roaming\theam\common\bin\theam.exe


The file TheAM.exe has been discovered within the following program.

Micro theam secure softwear profile  by Micro Theam Corporation
About 1% of users remove it
 