» zgsjqp1vidre.exe
Overview
Analysis
File Details
Downloads (1)

zgsjqp1vidre.exe

avast! Antivirus

TEKHNOLODZHI SISTEM, OOO

The application zgsjqp1vidre.exe by TEKHNOLODZHI SISTEM, OOO has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from doc-0c-5g-docs.googleusercontent.com.

File name:

zgsjqp1vidre.exe

Publisher:

AVAST Software (signed by TEKHNOLODZHI SISTEM, OOO)

Product:

avast! Antivirus

Description:

Smart Installer

Version:

9.0.2021.531

MD5:

f30edb9562cb8e4c0fe58a88c1b1dc6c

SHA-1:

4435020932e2b8019d5cbffefe295ede21749957

SHA-256:

6e6edbd336ff1d7a477913e169621d37b11e9429bb2a0ab9982d0330729062f0

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 10:42:09 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.TEKHNOLO.Installer (M)

16.3.17.16

File size:

800 KB (819,168 bytes)

Product version:

9.0.2021.531

Original file name:

AvastUi.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\zgsjqp1vidre.exe

Digital Signature

Signed by:

TEKHNOLODZHI SISTEM, OOO

Authority:

COMODO CA Limited

Valid from:

3/31/2015 3:00:00 AM

Valid to:

3/31/2016 2:59:59 AM

Subject:

CN="TEKHNOLODZHI SISTEM, OOO", O="TEKHNOLODZHI SISTEM, OOO", STREET="Timura Frunze, 11/56", L=Moscow, S=Moscow province, PostalCode=119034, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E2054F9860EFB3367F087514403195B3

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.0

CTPH (ssdeep):

12288:85jqZZI9HDoZNaodskqsH7Ab+wpTGLGRagIYcEImpJVaB:gxhK8cH7Y+JKRagIYlMB

Entry address:

0x8E1A3

Entry point:

33, C0, 2B, 44, 24, 04, 0F, 85, 79, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8B, 0D, 30, 41, 49, 00, 0F, B6, 09, 80, E9, B0, 8A, C9, 83, E9, 08, 90, 0F, 85, 62, FF, FF, FF, E9, 1F, 26, D5, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Code size:

570.5 KB (584,192 bytes)

The file zgsjqp1vidre.exe has been seen being distributed by the following URL.

https://doc-0c-5g-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/dkuvo2s307m5lraqpa0qg90v419g7u58/1453564800000/01211804392470760339/.../0B4RX1lYy4K6MQ2ZBdlRsTWZYYlE?e=download

Remove zgsjqp1vidre.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.