pxnaaxyml.exe

Chicago Blackhawks

Develop Invest GROUP, TOV

The application pxnaaxyml.exe by Develop Invest GROUP, TOV has been detected as a potentially unwanted program by 6 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.hrwrap.tech.
Publisher:
Chicago Blackhawks Ltd  (signed by Develop Invest GROUP, TOV)

Product:
Chicago Blackhawks

Description:
Philadelphia

Version:
3.6.12.2

MD5:
123645a987350fc07c5e9a8d9d5e9880

SHA-1:
9b6fae85c1101ee198c536152bd90aa3fd64dd17

SHA-256:
3cf564398682e77cd3ba8cfa12ba0ff01d4824928cd2a87aefa965ea3101c04d

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
7/10/2025 1:03:57 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Amonetize.12912
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Amonetize.64
11.5.0.6191

F-Secure
Variant.Graftor.269583
5.15.96

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
15.0.0.562

Norman
Gen:Variant.Graftor.269583
10.04.2016 15:29:17

Reason Heuristics
PUP.Amonetize.DevelopI (M)
16.4.23.16

File size:
345.5 KB (353,824 bytes)

Product version:
3.6.0.0

Original file name:
hawks.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pxnaaxyml.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/16/2016 6:00:00 PM

Valid to:
4/17/2017 5:59:59 PM

Subject:
CN="Develop Invest GROUP, TOV", OU=IT, O="Develop Invest GROUP, TOV", STREET="vul. Katerynynska, 33", L=Odesa, S=Odeska, PostalCode=65000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4D63C89BF3BE8D25145431EFD3FD9B18

File PE Metadata
Compilation timestamp:
4/23/2016 10:09:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:7w2VotNgmUj4QwMQc8JanXG05FKHut0cxxvUdWpsI8qmFb5Qx+EzlG4:crgx4ZpEnH5cTcxx1sFlQMEzV

Entry address:
0x3B25

Entry point:
E8, 9F, 27, 00, 00, E9, 8C, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 88, DD, 3A, 00, 89, 0D, 84, DD, 3A, 00, 89, 15, 80, DD, 3A, 00, 89, 1D, 7C, DD, 3A, 00, 89, 35, 78, DD, 3A, 00, 89, 3D, 74, DD, 3A, 00, 66, 8C, 15, A0, DD, 3A, 00, 66, 8C, 0D, 94, DD, 3A, 00, 66, 8C, 1D, 70, DD, 3A, 00, 66, 8C, 05, 6C, DD, 3A, 00, 66, 8C, 25, 68, DD, 3A, 00, 66, 8C, 2D, 64, DD, 3A, 00, 9C, 8F, 05, 98, DD, 3A, 00, 8B, 45, 00, A3, 8C, DD, 3A, 00, 8B, 45, 04, A3, 90, DD, 3A, 00, 8D, 45, 08, A3, 9C, DD, 3A...
 
[+]

Entropy:
7.1433

Code size:
28.5 KB (29,184 bytes)

The file pxnaaxyml.exe has been seen being distributed by the following URL.

Remove pxnaaxyml.exe - Powered by Reason Core Security