home

usbspy.exe

Everstrike OOO

The application usbspy.exe by Everstrike OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Everstrike OOO  (signed and verified)

MD5:
c18aa95ed4a4e5718c74f553a1b30954

SHA-1:
2ccf4ef02d13c3be4be6d12090f6e46bde4dda9f

SHA-256:
6cae026b0cbbe6f4bd19f914c038804d2f3343b0b1b736fc09c162ec61437344

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/20/2024 5:23:03 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.7.17.12

File size:
4.3 MB (4,470,600 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\usbspy\usbspy.exe

Digital Signature
Signed by:
Everstrike OOO

Authority:
VeriSign, Inc.

Valid from:
12/17/2010 7:00:00 AM

Valid to:
1/14/2012 6:59:59 AM

Subject:
CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=n/a, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1C6FEBAF7115A5C4FFAEAACEC3EA4FF1

File PE Metadata
Compilation timestamp:
8/2/2010 6:31:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:j05i/CPcIsP90xw3lVZwhKxffv/v/8GWwklQeLljhU1v/itwN+/C8M/25Z3bMRSh:j05i/KcIE90xw3lVqMxffv/v/8GWwklP

Entry address:
0x41738C

Entry point:
60, E8, 82, 21, 00, 00, DC, 11, 31, A9, FD, 72, 2A, ED, 9C, 3A, E8, D5, 27, E2, BF, 6C, 79, 98, 77, 14, 7E, 92, CA, A4, 08, CA, 38, FB, 0C, EE, 53, 45, 38, F7, 1B, 01, 54, AA, 0A, 9F, EE, 8F, B1, AF, DF, A6, 22, A0, B7, D8, A3, 2E, 56, 00, 82, A5, 89, EB, 50, 8F, 38, 00, EB, 40, D8, AC, 58, BC, 87, 66, DB, 13, D9, 98, B2, B2, 93, 54, 54, DD, 4F, DA, 96, D5, 8F, A4, 17, 95, C6, 96, 62, 72, 48, 1E, 64, B5, 56, 09, EB, F1, 75, F9, AD, 4D, B7, 85, 68, 38, 28, 70, 3E, C8, A3, 44, 62, 4D, DF, 36, 57, 82, 4F, 68...
 
[+]

Packer / compiler:
ASPack v1.08.04

Code size:
2.8 MB (2,925,056 bytes)

Remove usbspy.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.