windows 8 activator and p_10924_i66366662_il345.exe

A4 TOV

The application windows 8 activator and p_10924_i66366662_il345.exe by A4 TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

Publisher:
A4 TOV  (signed and verified)

Description:
Setup/Uninstall

Version:
51.49.0.0

MD5:
547f81c93459a9efe0ae8a0ec474816c

SHA-1:
2b1ad586022c170fc0939e15705f71a7cd9d998f

SHA-256:
415d4d457e0875c39302a061ec1c5e2687312a5e8f439218e5a4caaf56287c61

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/12/2024 11:14:45 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.3.12.12

File size:
1.5 MB (1,570,784 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\windows 8 activator and p_10924_i66366662_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/17/2015 2:00:00 AM

Valid to:
9/17/2016 1:59:59 AM

Subject:
CN=A4 TOV, O=A4 TOV, STREET=Bud. 29 vul.Shchorsa, L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
27FB5DEC4CCFD4F3CF69A6B639C6AD4B

File PE Metadata
Compilation timestamp:
10/2/2015 10:22:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1FD3B3

Entry point:
68, 48, A0, 8C, 51, E8, 53, 12, FF, FF, DA, 1A, BA, F2, 72, BC, 90, BA, F2, 37, F1, 68, 45, 0D, 9D, F9, 90, 45, 0D, 8E, 81, 1F, BA, F2, 6C, 0B, EA, 45, 0D, 61, 75, 22, 44, 0D, 9A, 25, E1, BA, F2, 18, 26, 26, 45, 0D, C2, F6, 6D, 45, 0D, 06, 9C, 78, 45, 0D, 58, E9, BC, 44, 0D, F0, 8D, 0A, BB, F2, E3, 8E, BA, F2, 54, 86, 90, 45, 0D, 0D, 59, 36, BA, F2, 11, A7, 14, BA, F2, 13, 08, 4F, 62, B1, 7A, 25, 0D, BF, 1C, 70, 25, 0D, D6, 19, 8A, 24, 0D, 94, E7, B9, DB, F2, B5, 95, 3C, DB, F2, A2, 80, DC, 25, 0D, 6C, 54...

Entropy:
7.9670  (probably packed)

Code size:
1.5 MB (1,559,040 bytes)