4e75abeb-68a6-422f-99a1-d86cce755bb2.exe

eTranslator

Artex Management S. A.

The application 4e75abeb-68a6-422f-99a1-d86cce755bb2.exe by Artex Management S. A. has been detected as a potentially unwanted program by 11 of 68 anti-malware scanners. It is a setup program (installer) for the eTranslator application and is typically executed from the user's temporary directory. The file has been seen being downloaded from syscos15.ru and multiple other hosts.
Publisher:
eTranslator App (signed by Artex Management S. A.)

Product:
eTranslator

Version:
1.5.5.0

MD5:
156231c8e3f8a78ea08b082f2be07ecb

SHA-1:
ceb43ad625cb028100f0a27204c268a12805ae9c

SHA-256:
e305d5231d02b885f086fe46812ae5b3ece87a1e5f3d30c8c7c3d5455663542d

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 9:54:16 AM UTC

Scan engine              Detection                                               Engine version
avast!                   Win32:Adware-CIW [PUP]                                  2014.9-150525
AVG                      Generic                                                 2016.0.3098
Baidu Antivirus          PUA.Win32.eTranslatorPro                                4.0.3.15525
Bkav FE                  W32.HfsAdware                                           1.3.0.6379
Dr.Web                   Trojan.Zadved.107                                       9.0.1.0145
Emsisoft Anti-Malware    Adware.Dropper.AT                                       8.15.08.24.09
ESET NOD32               Win32/eTranslatorPro.A potentially unwanted (variant)   9.11666
F-Secure                 Adware.Dropper.AT                                       11.2015-24-08_2
Malwarebytes             PUP.Optional.Etranslator                                v2015.05.25.09
Norman                   Adware.Dropper.AT                                       11.20150824
Reason Heuristics        PUP.ArtexManagementSA                                   15.5.25.21

File size:
4.6 MB (4,820,216 bytes)

Product version:
1.5.5.0

Copyright:
eTranslator App (c) 2015

Trademarks:
eTranslator App

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\4e75abeb-68a6-422f-99a1-d86cce755bb2.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/3/2014 3:00:00 AM

Valid to:
10/4/2015 2:59:59 AM

Subject:
CN=Artex Management S. A., OU=Software Development, O=Artex Management S. A., STREET="50th Street , Global Plaza Tower, 19th Floor, Suite H", L=Panama City, PostalCode=12800, C=PA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DDAF970527F5B24C6E53754F76D21CC3

File PE Metadata
Compilation timestamp:
5/18/2015 6:16:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:yYHLT4kaZL+Ob+wyrlfn/aFO2sMie8xZmvlr:yST4kIul2ONNeymdr

Entry address:
0x37C764

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, 70, EA, 76, 00, E8, 57, 29, C9, FF, 33, C0, 55, 68, DB, C7, 77, 00, 64, FF, 30, 64, 89, 20, E8, 10, A5, C8, FF, 85, C0, 75, 30, E8, 4B, 9B, EF, FF, 84, C0, 75, 20, 8D, 55, EC, 33, C0, E8, 59, A5, C8, FF, 8B, 45, EC, 33, D2, E8, D3, 9B, EF, FF, A1, E0, AF, 79, 00, 8B, 00, E8, 63, 5A, E4, FF, E8, 6E, 22, FF, FF, EB, 05, E8, 8B, CB, FE, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, E2, C7, 77, 00, 8D, 45, EC, E8, 22, E0, C8, FF, C3, E9, 74, D5, C8, FF, EB, F0, E8, 3D...

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner's compiler heuristic; note that the linker version 2.25 and the entry-point prologue shown above are characteristic of Borland/Embarcadero Delphi builds rather than Visual C++, so this identification is doubtful)

Code size:
3.5 MB (3,651,584 bytes)
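To confirm that a file on disk is the sample this report describes, a practitioner recomputes the hashes and reads the same PE header fields the report lists (compilation timestamp, linker version, OS version, subsystem, bitness, entry point, code size, first entry-point bytes) instead of trusting the file name. The following script is an added example and is not code from the report or from the file's publisher; it uses only the Python standard library, handles PE32 (32-bit) images, and parses a small constructed PE built inside the script so it runs offline. It assumes the report's "Entry address" is the AddressOfEntryPoint RVA (the `push 0x77C7DB` in the entry stub is consistent with an image base of 0x400000), and the `REPORT` dictionary simply copies the values printed above.

```python
"""Offline triage: recompute hashes and PE32 header fields and diff them against a
scanner report.  Standard library only.  Added example, not the report's own tooling."""
import hashlib
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Win32", 0x8664: "x64"}

REPORT = {  # values copied from the scanner report above; entry_rva is an assumption (see lead-in)
    "md5": "156231c8e3f8a78ea08b082f2be07ecb",
    "sha1": "ceb43ad625cb028100f0a27204c268a12805ae9c",
    "sha256": "e305d5231d02b885f086fe46812ae5b3ece87a1e5f3d30c8c7c3d5455663542d",
    "linker": "2.25", "os_version": "5.0", "subsystem": "Windows GUI", "bitness": "Win32",
    "code_size": 3651584, "entry_rva": 0x37C764,
}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of the raw file, as a report lists them."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def rva_to_offset(rva: int, sections: list) -> int:
    """Map a relative virtual address to a file offset through the section table."""
    for _, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data: bytes, entry_bytes: int = 16) -> dict:
    """Pull the header fields a scanner report shows out of a PE32 file image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:  # 0x20B would be PE32+ (64-bit); the report's sample is 32-bit
        raise ValueError(f"unsupported optional header magic {magic:#x}")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):  # section table directly follows the optional header
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((name, vaddr, vsize, rawptr, rawsize))
    ep_off = rva_to_offset(entry_rva, sections)
    return {
        "bitness": MACHINES.get(machine, f"machine {machine:#x}"),
        "timestamp": stamp,
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"subsystem {subsystem}"),
        "image_base": image_base,
        "entry_rva": entry_rva,
        "entry_va": image_base + entry_rva,
        "code_size": size_of_code,
        "entry_bytes": data[ep_off:ep_off + entry_bytes].hex().upper(),
        "sections": [s[0] for s in sections],
    }


def check_against_report(data: bytes, expected: dict = REPORT) -> dict:
    """Return {field: (expected, observed)} for every report field the file does not match."""
    observed = {**file_hashes(data), **parse_pe(data)}
    return {k: (v, observed.get(k)) for k, v in expected.items() if observed.get(k) != v}


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 for offline testing; it is NOT the file from the report.
    One .text section whose first bytes repeat the Delphi-style prologue the report shows,
    with linker 2.25, OS version 5.0, GUI subsystem and the report's compile timestamp."""
    align, text_rva = 0x200, 0x1000
    code = bytes.fromhex("558BEC83C4EC33C08945EC") + b"\xC3"      # push ebp ... ; ret
    code = code.ljust(align, b"\0")
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1431973015, 0, 0, 224, 0x0102)  # 2015-05-18 18:16:55 UTC
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 2, 25, len(code), 0, 0, text_rva, text_rva, 0x2000,
                      0x400000, 0x1000, align, 5, 0, 0, 0, 5, 0, 0,
                      0x2000, align, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                               # 16 empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), text_rva, len(code), align,
                       0, 0, 0, 0, 0x60000020)                        # code | execute | read
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(align, b"\0")
    return headers + code


if __name__ == "__main__":
    sample = build_sample_pe()  # replace with open(path, "rb").read() for a real file
    for k, v in {**file_hashes(sample), **parse_pe(sample)}.items():
        print(f"{k:>13}: {v}")
    print("fields that differ from the report:", sorted(check_against_report(sample)))
```

On the constructed sample every hash, the entry RVA and the code size differ from the report while linker, OS version, subsystem and bitness match, which is exactly the partial-match pattern to be suspicious of in practice: header fields are shared by every build from the same toolchain, so only the hashes (or, for a re-signed or re-packed variant, the ssdeep distance) establish identity. The Authenticode signature is deliberately not verified here; that needs the certificate chain and is better done with `signtool verify /pa` or `Get-AuthenticodeSignature` on Windows.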

The file 4e75abeb-68a6-422f-99a1-d86cce755bb2.exe has been seen being distributed by the following 2 URLs.
