1.exe

Dr.Web

KOMP-GARANT

The application 1.exe, “Agent for Windows” by KOMP-GARANT has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from getfile-prosoft-one.ru.
Publisher:
Doctor Web, Ltd.  (signed by KOMP-GARANT)

Product:
Dr.Web ®

Description:
Agent for Windows

Version:
6.0.1.07066

MD5:
739ceec3f9ee8166109be0ba7b622289

SHA-1:
32026c04a895056a518495679237a3e0bb2d2b91

SHA-256:
821eceb1d68c160779cd9fdd2613a3dc74f35ae8127abcccf6917cad399bcc34

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/14/2025 4:41:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.KOMPGARANT (M)

Engine version:
16.2.18.0

File size:
1.1 MB (1,123,328 bytes)

Product version:
6.0.1.07066

Copyright:
Copyright © Igor Daniloff, 1992-2010

Original file name:
SpIDerAgent.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\1.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/9/2015 4:00:00 AM

Valid to:
10/9/2016 3:59:59 AM

Subject:
CN="""KOMP-GARANT"",OOO", O="""KOMP-GARANT"",OOO", STREET="d. 4 korp. 3 kv. VI, ul.Kirovogradskay", L=Moscow, S=Moscow, PostalCode=117587, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DDF03E3656C370A166F00225E6978B94

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
24576:M3Wyc1z5GBubYVjvqGDGS/ZTX0VvT3tefZubKPvy:KzINkcYkGa0k9cfO06

Entry address:
0x66EE8

Entry point:
89, FF, 75, 02, 37, 90, 01, FE, E8, CF, ED, FF, FF, 4E, 90, EB, 08, 90, 12, 77, 04, FC, 90, FC, 90, 68, 5C, 6F, 46, 00, E9, 63, BA, 04, 00, 40, 66, 85, E1, 33, D8, 66, 3D, F0, 43, F7, C7, 65, 1F, 06, 2C, E9, 43, AC, 04, 00, 66, 89, 44, 25, 04, 9C, 8F, 44, 25, 00, 9F, 8B, 06, F8, 81, C6, 04, 00, 00, 00, 33, C3, 0F, C8, 66, 3B, C1, E9, 4C, EB, 06, 00, E9, 80, 11, 04, 00, 03, F8, E9, 0E, 83, 08, 00, E9, 4D, A6, 04, 00, E9, EF, 5A, 05, 00, E8, AD, A0, F9, FF, C3, F7, D0, E9, 70, 94, 04, 00, 03, F8, FF, E7, 00...
 

Code size:
952.5 KB (975,360 bytes)

The file 1.exe has been seen being distributed by the following URL.
