» ucapan+aqiqah+dan+selapan_10924_i63646656_il345.exe
Overview
Analysis
File Details

ucapan+aqiqah+dan+selapan_10924_i63646656_il345.exe

InstallShield

A4 TOV

The application ucapan+aqiqah+dan+selapan_10924_i63646656_il345.exe by A4 TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallShield Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

Macrovision Corporation (signed by A4 TOV)

Product:

InstallShield

Description:

Setup.exe

Version:

14.0.162

MD5:

2553f32ea8540fa0c9a16ffaee7c68f6

SHA-1:

a116141bda1ce95f7bffc8142a44a5cae2a34504

SHA-256:

b212bc43b3056fe277326883a6b998ea301a8e22ea3b19d64046f7686a4f1415

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/13/2024 9:00:03 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonetize (M)

17.2.27.18

File size:

2.4 MB (2,476,000 bytes)

Product version:

14.0

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Installer:

InstallShield Setup

Language:

English (United States)

Common path:

C:\users\{user}\downloads\ucapan+aqiqah+dan+selapan_10924_i63646656_il345.exe

Digital Signature

Signed by:

A4 TOV

Authority:

COMODO CA Limited

Valid from:

9/17/2015 7:00:00 AM

Valid to:

9/17/2016 6:59:59 AM

Subject:

CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata

Compilation timestamp:

9/25/2015 5:42:49 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x4F4D0D

Entry point:

68, 8B, 5B, 23, 32, E8, 49, 7D, DC, FF, 00, 00, 00, 51, 75, 65, 72, 79, 50, 65, 72, 66, 6F, 72, 6D, 61, 6E, 63, 65, 43, 6F, 75, 6E, 74, 65, 72, 00, 68, 32, 00, 29, 32, E8, 24, 7D, DC, FF, A8, 98, 8B, 00, 64, 36, 92, 89, 00, 2D, 5B, FC, 77, FF, 43, ED, 1C, 76, FF, 3D, 24, 57, 70, FF, AF, 03, 63, 8F, 00, C7, 7A, 20, 8D, 00, 65, 77, FE, 77, FF, 63, C2, 43, 75, FF, DA, 09, 31, 70, FF, 16, 53, 02, 8B, 00, 47, BC, C9, 8A, 00, 50, 10, D5, 8A, 00, 4C, 84, 7A, 8A, 00, 28, 86, F1, 8B, 00, BA, 0E, 70, FF, C9, BF, 96... 
[+]

Entropy:

7.9726 (probably packed)

Code size:

2.3 MB (2,432,000 bytes)

Remove ucapan+aqiqah+dan+selapan_10924_i63646656_il345.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.