» pwnbypasser__7934_il85063.exe
Overview
Analysis
File Details

pwnbypasser__7934_il85063.exe

Converation Performer v.2

IT Biznes GROUP, TOV

The application pwnbypasser__7934_il85063.exe by IT Biznes GROUP, TOV has been detected as a potentially unwanted program by 5 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

GeneralTechnologies (signed by IT Biznes GROUP, TOV)

Product:

Converation Performer v.2

Version:

4.6.12.5

MD5:

34577a387b579f34dd2c124b8854a20c

SHA-1:

fd148539b4ba0bb3a7a444af2694bb33d16be4e2

SHA-256:

6dabe655fb3a59059cfacab6029d48be30534bb436751a90af4ed48e73647e04

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

6/16/2025 10:03:01 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Amonetize.12739

9.0.1.05190

ESET NOD32

Win32/Amonetize.QQ potentially unwanted application

8.0.319.0

Microsoft Security Essentials

Threat.Undefined

1.215.2606.0

Reason Heuristics

PUP.Amonetize.ITBiznes (M)

16.3.30.18

VIPRE Antivirus

Threat.5231965

47848

File size:

724.2 KB (741,588 bytes)

Product version:

2.0.34.0

TM GeneralTechnologies

Original file name:

pfmr.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

IT Biznes GROUP, TOV

Authority:

COMODO CA Limited

Valid from:

3/16/2016 12:00:00 AM

Valid to:

3/16/2017 11:59:59 PM

Subject:

CN="IT Biznes GROUP, TOV", OU=IT, O="IT Biznes GROUP, TOV", STREET="vul. Chervonoarmiyska, 66 B", L=Kiev, S=Kiev, PostalCode=03150, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4FCFA8A9EA866263013AF521B7A4469C

File PE Metadata

Compilation timestamp:

3/18/2016 9:08:37 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:f6AoTerBo32wjERhWLlw9BA2MCc5YWpW0W+qLxUrTQXL0wr7CLjcWg7/BFSnXziM:YTyIEfKYhMCzWNWrOrTQXv+ngjBcnDiM

Entry address:

0xA56F

Entry point:

E8, 69, 25, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 48, D3, 41, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7... 
[+]

Entropy:

7.7681 (probably packed)

Code size:

67.5 KB (69,120 bytes)

Remove pwnbypasser__7934_il85063.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.