_18b4eaca6aed157b14f49d.exe

It runs as a scheduled task under the Windows Task Scheduler. The file has been observed being downloaded from p5.storage.canalblog.com and multiple other hosts.
MD5:
ce8ee64c66e92bbb46231b1be06aba22

SHA-1:
5bb368fbcf57d92d8c83a4487fdde7e713ed3a24

SHA-256:
d4f066db44f8ec61d8ec183091bead9578022c2385d4f7552b32f1b0c53fd26b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/10/2025 5:51:22 PM UTC

File size:
9.9 KB (10,134 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\installer\{2436940b-1c2c-4fb4-a703-0ee9b1350791}\_18b4eaca6aed157b14f49d.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
96:4kUpiZtd9KZZqwoxcOZQkNqaxnvKdrg8ZxYkyPF7o:gpaUZIwgtZtpvVDN7o

Entry point:
00, 00, 01, 00, 06, 00, 20, 20, 10, 00, 01, 00, 04, 00, E8, 02, 00, 00, 66, 00, 00, 00, 10, 10, 10, 00, 01, 00, 04, 00, 28, 01, 00, 00, 4E, 03, 00, 00, 20, 20, 00, 00, 01, 00, 08, 00, A8, 08, 00, 00, 76, 04, 00, 00, 10, 10, 00, 00, 01, 00, 08, 00, 68, 05, 00, 00, 1E, 0D, 00, 00, 20, 20, 00, 00, 01, 00, 20, 00, A8, 10, 00, 00, 86, 12, 00, 00, 10, 10, 00, 00, 01, 00, 20, 00, 68, 04, 00, 00, 2E, 23, 00, 00, 28, 00, 00, 00, 20, 00, 00, 00, 40, 00, 00, 00, 01, 00, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.9044

Safe for Initializing Control
CLSID:
{0A8EF901-46E5-11E3-A545-0013D350667C}

CLSID name:
TX - Text Control


Scheduled Task
Task name:
Ad-Aware Antivirus Scheduled Scan

Trigger:
Weekly (Runs weekly on Sundays at 12:00)

Description:
We do recommend performing scans regularly to ensure your computer is free of viruses, worms, Trojans and other malicious software. If you disable the


User Start Menu Item
Name:
_5ca7eb0450877d7f6842bb.exe


The file _18b4eaca6aed157b14f49d.exe has been discovered within the following programs.

Capture View  by GXDevelopment
About 5% of users remove it
GO Contact Sync Mod  by WebGear
googlesyncmod.sourceforge.net
About 8% of users remove it
HP MediaSmart SmartMenu  by Hewlett-Packard
Publisher's description - “The HP MediaSmart SmartMenu enables users to switch between MediaSmart applications, such as DVD, music, pictures (photos), video, and TV.”
www.hp.com/support
20% remove it
Motion Perfect 2  by Trio Motion Technology
www.TrioMotion.com
About 4% of users remove it
NinjaTrader 7  by NinjaTrader
About 1% of users remove it
RadioWORKS  by Joseph B. Kowalski
deserthail.com
About 5% of users remove it
Subsync  by CodeJunkies
About 9% of users remove it
The Panorama Factory V5 m32 Edition  by Smoky City Design
Create high-quality panoramas from a set of overlapping digital images.
www.panoramafactory.com
9% remove it
Topaz Adjust 4  by Topaz Labs
Publisher's description - “Infusing your images with vibrant color and stunning detail has never been easier. From exposure and color balance to subtle photo pops, HDR effects, grunge style and more, Topaz Adjust’s intuitive and powerful tools make it easy to recover and enhance any image.”
www.topazlabs.com
9% remove it
Topaz Clean 3  by Topaz Labs
Publisher's description - “You can achieve a variety of smoothing, detail flattening and edge enhancement techniques with the Topaz Clean plug-in. With just a few clicks, you can selectively control the appearance and intensity of detail in your photographs - or eliminate them all together.”
www.topazlabs.com/clean
4% remove it
 

The file _18b4eaca6aed157b14f49d.exe has been seen being distributed by the following 3 URLs.

http://p5.storage.canalblog.com/54/95/.../84755930.exe
