ap2d7cf92b.exe

The application ap2d7cf92b.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
MD5: 41dc7b185f55da265061079d0146cbfb
SHA-1: e77fd0f9cac3a5dfe96894bb40a7813e8f0d3568
SHA-256: 68ce184ecda08f0c79b04daf77e7ca03beffd59ee022b45ea1a8bc113623269d
Scanner detections: 10 / 68
Status: Potentially unwanted
Explanation: Injects advertising in the web browser in various formats.
Analysis date: 4/27/2024 12:17:26 PM UTC

Scan engine             Detection                                  Engine version
Bkav FE                 W32.HfsAdware                              1.3.0.6379
Clam AntiVirus          Win.Adware.Browsefox-725                   0.98/21511
Dr.Web                  infected with Trojan.Yontoo.1949           9.0.1.05190
ESET NOD32              Win32/BrowseFox.AZ potentially unwanted    9.11641
herdProtect (fuzzy)                                                2015.11.18.11
Malwarebytes            PUP.Optional.ExpressFind.SID.A             v2015.11.18.11
McAfee                  Artemis!42CA0BB3A1B4                       5600.6578
Sophos                  Browse Fox                                 4.98
Trend Micro House Call  Suspicious_GEN.F47V0417                    7.2.322
VIPRE Antivirus         Yontoo                                     40318

File size: 308.1 KB (315,464 bytes)
File type: Executable application (Win16 EXE)

File PE Metadata
Compilation timestamp: 1/15/2092 8:38:43 AM
OS version: 1110.3821
OS bitness: Win16
Linker version: 147.174
CTPH (ssdeep): 6144:xQ3W5KnM3DoFFjuvf/toNQ8dqLuJoU0U7Hd8CntQOHHM+HFFTjXdpNnT29:z5KnM3D0Fw/tN8dkmLtpHHHrh7q

Entry point:
CD, 20, AA, AA, 04, 00, 00, 00, 00, 20, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00, DF, 07, 08, 00, 06, 00, 1D, 00, 14, 00, 31, 00, 10, 00, EC, 02, 70, 86, 3C, 69, 9B, E1, D0, 01, 70, 86, 3C, 69, 9B, E1, D0, 01, 70, 86, 3C, 69, 9B, E1, D0, 01, 48, 90, 04, 00, 08, 05, 00, 00, CE, 00, 00, 00, A8, 04, 00, 00, 60, 00, 00, 00, 05, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A9, A0, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, D6, 05, 00, 00, 1A, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 01, 05, 00, 00...
 

Entropy: 7.7697 (probably packed)
