49165

Sysinternals autoruns

Supersoft

The file 49165, “Autostart program viewer” by Supersoft has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
Sysinternals - www.sysinternals.com  (signed by Supersoft)

Product:
Sysinternals autoruns

Description:
Autostart program viewer

Version:
11.70

MD5:
ae530a3da1be79a7ea041f3c8163d667

SHA-1:
e14a18fc4098778fba268b3b0a7891775a62d667

SHA-256:
0f8311f40d35ee72ff452ffc3a895d9e5335b4cd16a0ef9568968ba41e207242

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/30/2024 11:02:18 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Supersof (M)

Engine version:
16.7.3.14

File size:
268.2 KB (274,624 bytes)

Product version:
11.70

Copyright:
Copyright (C) 2002-2013 Mark Russinovich and Bryce Cogswell

Original file name:
autoruns.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\49165

Digital Signature
Signed by:

Authority:
Supersoft

Valid from:
9/30/2012 5:26:38 AM

Valid to:
12/31/2039 8:59:59 PM

Subject:
CN=Supersoft

Issuer:
CN=Supersoft

Serial number:
6B50254A40C7CFB14A405056B8F04272

File PE Metadata
Compilation timestamp:
4/25/2014 4:28:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:lptk20vpJaLedBZRNFnFSxH5IHZzvptXhP:5ktpJRrZR0xHWHZzxtXd

Entry address:
0x3E34E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
241 KB (246,784 bytes)
