videousage.exe

M/s Tech AnB

The application videousage.exe by M/s Tech AnB has been detected as adware by 15 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘VideoUsage’. This file is typically installed with the program Ads Clever by M/s Tech AnB. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use, consuming the victim's computing power in the process.
Publisher:
M/s Tech AnB  (signed and verified)

MD5:
bc268a6ed58a534c0299f67926876da7

SHA-1:
68d49d16aa0e3981644fd2065e0f15c00de8567c

SHA-256:
71e28535ced2d5aad3756686fcef11e35cff0cda4c6231f0cc8bb1dd66ccadb0

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
4/27/2024 5:12:51 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.39392 | 1049 |
| AhnLab V3 Security | Trojan/Win32.BitCoinMiner | 2014.03.13 |
| Bitdefender | Gen:Variant.Symmi.39392 | 1.0.20.405 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.39392 | 8.14.03.22.09 |
| F-Secure | Gen:Variant.Symmi.39392 | 11.2014-22-03_7 |
| G Data | Gen:Variant.Symmi.39392 | 14.3.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| McAfee | Artemis!BC268A6ED58A | 5600.7183 |
| MicroWorld eScan | Gen:Variant.Symmi.39392 | 15.0.0.243 |
| Qihoo 360 Security | Win32/Trojan.db0 | 1.0.0.1015 |
| Reason Heuristics | PUP.MsTechAnB.K | 14.3.22.21 |
| Rising Antivirus | PE:Malware.XPACK/RDM!5.1 | 23.00.65.14320 |
| Trend Micro House Call | TROJ_GEN.F47V0302 | 7.2.81 |
| VIPRE Antivirus | Backdoor.Win32.Ircbot.gen | 27326 |
| ViRobot | Trojan.Win32.S.Generic.1286784 | 2011.4.7.4223 |

File size:
1.2 MB (1,286,784 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ads clever\videousage.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/9/2014 4:00:00 PM

Valid to:
2/10/2015 3:59:59 PM

Subject:
CN=M/s Tech AnB, O=M/s Tech AnB, STREET="Plot No. F-125,", STREET="Sector 74,", STREET="Industrial Area, Phase 8B", L=Mohali, S=Punjab, PostalCode=160071, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C12161D8036677E0A09B9580299D979F

File PE Metadata
Compilation timestamp:
2/14/2014 9:09:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:6EmK0aUbiTfCnJTYLGI29JKxmqAYpg45uQKgN/+pGeF/hHDN+61YH:6E909qiJTT94UggGv+pGiNGH

Entry address:
0x338000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 90, 12, 00, 2D, FF, 91, 0A, 10, 05, F4, 91, 0A, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 35, 96, 32, 0F, 68, BA, 5F, 2D, 41, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 4A, 59, 9D, CD, 6D, 24, 5C, 98, 8C, 98, 5E, 9F, B9, 48...
 

Entropy:
7.9106  (probably packed)

Code size:
76.5 KB (78,336 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
VideoUsage

Command:
"C:\Program Files\ads clever\videousage.exe"


The file videousage.exe has been discovered within the following program.

Ads Clever  by M/s Tech AnB
adsclever.com
About 6% of users remove it
 