» pxnaaxyml.exe
Overview
Analysis
File Details
Downloads (1)

pxnaaxyml.exe

Chicago Blackhawks

Develop Invest GROUP, TOV

The application pxnaaxyml.exe by Develop Invest GROUP, TOV has been detected as a potentially unwanted program by 6 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.hrwrap.tech.

File name:

pxnaaxyml.exe

Publisher:

Chicago Blackhawks Ltd (signed by Develop Invest GROUP, TOV)

Product:

Chicago Blackhawks

Description:

Philadelphia

Version:

3.6.12.2

MD5:

123645a987350fc07c5e9a8d9d5e9880

SHA-1:

9b6fae85c1101ee198c536152bd90aa3fd64dd17

SHA-256:

3cf564398682e77cd3ba8cfa12ba0ff01d4824928cd2a87aefa965ea3101c04d

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

7/10/2025 3:59:31 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Amonetize.12912

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Application.Bundler.Amonetize.64

11.5.0.6191

F-Secure

Variant.Graftor.269583

5.15.96

Kaspersky

not-a-virus:AdWare.Win32.Amonetize

15.0.0.562

Norman

Gen:Variant.Graftor.269583

10.04.2016 15:29:17

Reason Heuristics

PUP.Amonetize.DevelopI (M)

16.4.23.16

File size:

345.5 KB (353,824 bytes)

Product version:

3.6.0.0

Original file name:

hawks.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\pxnaaxyml.exe

Digital Signature

Signed by:

Develop Invest GROUP, TOV

Authority:

COMODO CA Limited

Valid from:

4/16/2016 6:00:00 PM

Valid to:

4/17/2017 5:59:59 PM

Subject:

CN="Develop Invest GROUP, TOV", OU=IT, O="Develop Invest GROUP, TOV", STREET="vul. Katerynynska, 33", L=Odesa, S=Odeska, PostalCode=65000, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4D63C89BF3BE8D25145431EFD3FD9B18

File PE Metadata

Compilation timestamp:

4/23/2016 10:09:41 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:7w2VotNgmUj4QwMQc8JanXG05FKHut0cxxvUdWpsI8qmFb5Qx+EzlG4:crgx4ZpEnH5cTcxx1sFlQMEzV

Entry address:

0x3B25

Entry point:

E8, 9F, 27, 00, 00, E9, 8C, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 88, DD, 3A, 00, 89, 0D, 84, DD, 3A, 00, 89, 15, 80, DD, 3A, 00, 89, 1D, 7C, DD, 3A, 00, 89, 35, 78, DD, 3A, 00, 89, 3D, 74, DD, 3A, 00, 66, 8C, 15, A0, DD, 3A, 00, 66, 8C, 0D, 94, DD, 3A, 00, 66, 8C, 1D, 70, DD, 3A, 00, 66, 8C, 05, 6C, DD, 3A, 00, 66, 8C, 25, 68, DD, 3A, 00, 66, 8C, 2D, 64, DD, 3A, 00, 9C, 8F, 05, 98, DD, 3A, 00, 8B, 45, 00, A3, 8C, DD, 3A, 00, 8B, 45, 04, A3, 90, DD, 3A, 00, 8D, 45, 08, A3, 9C, DD, 3A... 
[+]

Entropy:

7.1433

Code size:

28.5 KB (29,184 bytes)

The file pxnaaxyml.exe has been seen being distributed by the following URL.

http://www.hrwrap.tech/.../Bundle_NetworkManager.exe

Remove pxnaaxyml.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.