veer+bala+rastogi_10924_i129678389_il345.exe

AITI Strim CONSULTING, TOV

The application veer+bala+rastogi_10924_i129678389_il345.exe by AITI Strim CONSULTING, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

Publisher:
AITI Strim CONSULTING, TOV  (signed and verified)

MD5:
a7adb9562369dbef3a7f4a0d8548afd2

SHA-1:
b3ff17413b62da506ffdedb5a490777d1e0b0e5a

SHA-256:
37b401748f4eac7157ebeb214c1975e4457196f0fb5f9626cfbed1896b3b16ba

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/29/2024 4:16:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.AITIStri (M)

Engine version:
16.5.23.3

File size:
2.1 MB (2,181,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\compressed\archive_2\veer+bala+rastogi_10924_i129678389_il345.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/11/2016 5:30:00 AM

Valid to:
1/11/2017 5:29:59 AM

Subject:
CN="AITI Strim CONSULTING, TOV", OU=IT, O="AITI Strim CONSULTING, TOV", STREET="Bud. 53-55, vul.Pochainynska", L=Kyyiv, S=Kyyiv, PostalCode=04080, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5A7A1CB365BD8EA3567456D3B8166630

File PE Metadata
Compilation timestamp:
1/25/2016 6:52:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:zuC95seM8Zp/6a1kQheR3XIIUH6urV8VrwE6mQ4we+YJPa+RI7tI7vPKNUvU:zu4vpxkmedwHXV8lhpowymviNUvU

Entry address:
0x2BA3B7

Entry point:
68, 34, B2, 8A, FE, E8, A7, 06, FF, FF, 55, 8B, EC, 0F, AB, CA, 66, 33, D6, F6, D9, 83, E4, F8, FE, C1, 8D, 64, 24, 84, F9, C1, D1, 6D, 53, 56, 8B, F0, 8B, 45, 0C, 8B, 10, 66, 0F, BE, C9, 66, 33, CF, 66, 87, C9, 8B, 0E, 89, 54, 24, 0C, F5, 33, D2, 89, 10, 57, 89, 4C, 24, 14, F8, F9, 89, 16, 84, D6, 3B, D6, 83, F9, 05, E9, 56, 52, 1E, 00, 67, 11, A4, 43, E8, 7A, 15, 9D, A5, 5A, 31, 7B, DB, D7, A9, BB, 77, 5B, CA, E8, 80, 4B, A3, 59, BC, 6F, AC, E4, 3C, 84, 35, A4, 87, 37, 89, BB, 67, 3A, A1, DB, 2F, A5, 22...

Entropy:
7.9888  (probably packed)

Code size:
2.1 MB (2,172,416 bytes)
