2lhhaa9hq60l.exe

Microsoft Application Error Reporting

OOO Kul Stil

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; the file is designed only to look like a legitimate Microsoft system file. The application 2lhhaa9hq60l.exe by OOO Kul Stil has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Microsoft Corporation  (signed by OOO Kul Stil)

Product:
Microsoft Application Error Reporting

Version:
12.0.6606.1000

MD5:
f2797b65d5c02f160e2ab1ff482687b4

SHA-1:
b260ff9ab78cb85d0dd237d8ec6d970969582baf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 9:35:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.LoadMoney (M)

Engine version:
17.2.25.12

File size:
1018 KB (1,042,416 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
DW20.Exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\2lhhaa9hq60l.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/19/2016 4:00:00 AM

Valid to:
7/20/2017 3:59:59 AM

Subject:
CN=OOO Kul Stil, O=OOO Kul Stil, STREET="p-t Makeeva, 42, 129", L=Miass, S=Chelabinskaya, PostalCode=456320, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0096A297EB9ACB5447A1780AED36B84995

File PE Metadata
Compilation timestamp:
8/12/2016 11:16:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1020

Entry point:
55, 8B, EC, 81, EC, D0, 03, 00, 00, 8B, 45, F0, 03, 45, F8, 89, 45, F4, 6A, 00, FF, 15, 00, 21, 40, 00, 8B, 4D, EC, C1, E9, BC, 89, 4D, F4, 8B, 55, F4, 81, EA, 5F, 0F, E7, 09, 89, 55, F0, 68, 4C, E0, 45, 00, FF, 15, 04, 21, 40, 00, 8B, 45, F0, 2D, 3C, FD, 26, 12, 89, 45, EC, 6A, 00, 8B, 4D, F8, 51, FF, 15, 80, 21, 40, 00, 8B, 55, EC, 52, FF, 15, 30, 20, 40, 00, 8B, 45, EC, 2B, 45, F0, 89, 45, F4, 68, 64, E0, 45, 00, FF, 15, 08, 21, 40, 00, 8B, 55, F0, 8B, 4D, F0, D3, EA, 89, 55, F0, 8B, 45, EC, 69, C0, 06...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
3.5 KB (3,584 bytes)
