4bbu8hna2qp1.exe

Microsoft Application Error Reporting

OOO Kul Stil

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The application 4bbu8hna2qp1.exe, signed by OOO Kul Stil, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Microsoft Corporation  (signed by OOO Kul Stil)

Product:
Microsoft Application Error Reporting

Version:
12.0.6606.1000

MD5:
75c0c0eb48932f9306cfc0f51428efde

SHA-1:
e89995c08a75f206b6aaf558d45025d782b96aa7

SHA-256:
6bb2c8c0251bee2c64d53cfab371360771bdf377e2a1f5a9737d67cde7140d64

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 9:26:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.LoadMoney (M)

Engine version:
17.3.16.10

File size:
1018 KB (1,042,416 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
DW20.Exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\4bbu8hna2qp1.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/19/2016 3:00:00 AM

Valid to:
7/20/2017 2:59:59 AM

Subject:
CN=OOO Kul Stil, O=OOO Kul Stil, STREET="p-t Makeeva, 42, 129", L=Miass, S=Chelabinskaya, PostalCode=456320, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0096A297EB9ACB5447A1780AED36B84995

File PE Metadata
Compilation timestamp:
8/12/2016 6:20:30 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1020

Entry point:
55, 8B, EC, 81, EC, D0, 03, 00, 00, 68, 4C, E0, 45, 00, 8B, 45, E8, 50, FF, 15, 78, 21, 40, 00, 8B, 4D, F4, 51, 8B, 55, EC, 52, FF, 15, 2C, 20, 40, 00, 8B, 45, EC, C1, E0, E6, 89, 45, F4, 8B, 4D, F8, 0F, AF, 4D, F4, 89, 4D, F4, 8B, 55, F8, 52, FF, 15, 84, 21, 40, 00, 8B, 45, E8, 50, FF, 15, 30, 20, 40, 00, 8B, 4D, F0, C1, E1, 04, 89, 4D, E8, 8B, 55, EC, 03, 55, E8, 89, 55, F0, 8B, 45, F4, 50, FF, 15, 84, 21, 40, 00, 8B, 55, F4, 8B, 4D, EC, D3, EA, 89, 55, F4, 8B, 45, EC, 8B, 4D, E8, D3, E0, 89, 45, F8, 68...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
3.5 KB (3,584 bytes)
