vprot.exe

VProtect Application

InfoSpace

The application vprot.exe, “VProtect Application (Official)” by InfoSpace, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘vProt’. This file is typically installed with the program AVG Nation toolbar by Blucora, which is a potentially unwanted software program.
Publisher:
InfoSpace  (signed and verified)

Product:
VProtect Application

Description:
VProtect Application (Official)

Version:
17.3.0.49

MD5:
ab9f8d4e40969cd282a8629eed81fd41

SHA-1:
db283eedbed424c1ce59ec3f8c7a18705ca2d016

SHA-256:
2063a980c2e6cf0e3322059888b5dc54555f178e7e46de899ce1079e3e137d3a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/10/2024 11:52:26 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InfoSpace (M)

Engine version:
15.11.24.13

File size:
2.4 MB (2,485,064 bytes)

Product version:
17.3.0.49

Copyright:
Copyright (C) 2012

Original file name:
VProtect.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\avg nation toolbar\vprot.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/16/2013 8:00:00 AM

Valid to:
8/18/2014 7:59:59 AM

Subject:
CN=InfoSpace, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Systems, O=InfoSpace, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4FA97FCF31526C9CF6D4D2149CA247DB

File PE Metadata
Compilation timestamp:
12/24/2013 2:13:11 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:FttULBRdvPk1ojmUYcbsz362jKelthzv6Jh1RLjjTYaHhlp1XLhagwU9NMNT5OkW:ftULBRdE1ojmUYcbT2jKeLpv4h15Pt

Entry address:
0x16E417

Entry point:
E8, 52, CC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 46, 0B, 00, 00, 3B, 0D, 28, 93, 63, 00, 75, 02, F3, C3, E9, C9, CC, 00, 00, 8B, FF, 55, 8B, EC, 51, 51, 8D, 45, F8, 50, FF, 15, 88, B1, 5B, 00, 8B, 45, F8, 8B, 4D, FC, 6A, 00, 05, 00, 80, C1, 2A, 68, 80, 96, 98, 00, 81, D1, 21, 4E, 62, FE, 51, 50, E8, A5, CD, 00, 00, 83, FA, 07, 7C, 0E, 7F, 07, 3D, FF, 6F, 40, 93, 76, 05, 83, C8, FF, 8B, D0, 8B, 4D, 08, 85, C9, 74, 05, 89, 01, 89, 51, 04, C9, C3, 8B, FF, 51, C7, 01, DC, B9, 5B, 00, E8, DE...
 

Entropy:
6.4486

Code size:
1.7 MB (1,810,432 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
vProt

Command:
"C:\Program Files\avg nation toolbar\vprot.exe"


The file vprot.exe has been discovered within the following programs.

AVG Nation toolbar  by Blucora
AVG Nation toolbar powered by InfoSpace is a web browser toolbar and extension that modifies the browser's search and home pages as well as delivers.
61% remove it
 

The executing file has been seen to make the following network communications in live environments.

