home

TheAM.exe

TheAM

Qzoneinteractive

The application TheAM.exe by Qzoneinteractive has been detected as a potentially unwanted program by 15 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘TheAM’. This file is typically installed with the program Micro theam secure softwear profile by Micro Theam Corporation.
Publisher:
Qzoneinteractive  (signed and verified)

Product:
TheAM

Description:
TheAM

Version:
1, 0, 0, 1

MD5:
d89dda6817d613b95651ea18fa0e201c

SHA-1:
d5cf82827d4504d9b6261cbc255a0b83531deada

SHA-256:
a21bda174c3e91d2ee1c773a3bf61f5e61bf6a0e5038319f2d854e414e19d139

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 8:49:37 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.75892
357

AVG
Generic
2017.0.2835

Bitdefender
Gen:Variant.Strictor.75892
1.0.20.215

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Gen:Variant.Strictor.75892
8.16.02.12.02

F-Secure
Gen:Variant.Strictor.75892
11.2016-12-02_6

G Data
Gen:Variant.Strictor.75892
16.2.25

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.9.0

McAfee
Artemis!AED0669D20B5
5600.6491

MicroWorld eScan
Gen:Variant.Strictor.75892
17.0.0.129

Reason Heuristics
PUP.Qzoneinteractive (M)
16.2.12.14

Trend Micro House Call
TROJ_GEN.R047H09D215
7.2.43

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
40356

ViRobot
Adware.TheAm.234504[h]
2014.3.20.0

File size:
292 KB (299,032 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2013

Original file name:
TheAM.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\theam\common\bin\theam.exe

Digital Signature
Signed by:
Qzoneinteractive

Authority:
Thawte, Inc.

Valid from:
11/3/2012 9:00:00 AM

Valid to:
12/4/2013 8:59:59 AM

Subject:
CN=Qzoneinteractive, OU=EC Team, O=Qzoneinteractive, L=Gwangjin-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7F237568BB838B3E163705A7365EEC19

File PE Metadata
Compilation timestamp:
6/14/2013 11:11:48 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:KieejnSkTDPB6oxv5Tzs7WHDT4yBEbiLIdw5cyIRvi5H7X7fnaU+Hp8Zc2V:zSmVMCHh6biLIdw+y6i5fSTyV

Entry address:
0x26507

Entry point:
E8, 0B, 3E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 77, 03, 00, 00, 8B, FF, 55, 8B, EC, 5D, E9, EA, FF, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 70, 14, 00, 00, 3B, 0D, 50, 31, 44, 00, 75, 02, F3, C3, E9, 6C, 3E, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39...
 
[+]

Entropy:
6.5039

Code size:
218 KB (223,232 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TheAM

Command:
C:\users\{user}\appdata\roaming\theam\common\bin\theam.exe


The file TheAM.exe has been discovered within the following program.

Micro theam secure softwear profile  by Micro Theam Corporation
About 1% of users remove it
 
Powered by Should I Remove It?

Remove TheAM.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.