home

4s025j8kvaog.exe

Canon IJ Scan Utility

PKK OOO

The executable 4s025j8kvaog.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
CANON INC.  (signed by PKK OOO)

Product:
Canon IJ Scan Utility

Version:
1.1.10.8968

MD5:
506bca7cc43bc06ff64bffb99e336c47

SHA-1:
9bdac231f0e6969aaaf80d49e49400d2763d960b

SHA-256:
ba9874f0a77bb56d740355472ee2dcc35384d591213c1c1a101312af757c45fd

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 8:06:29 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.2.5.9

File size:
587.4 KB (601,528 bytes)

Product version:
1.1.10.8968

Copyright:
Copyright CANON INC. 2012-2014

Original file name:
ScanUtility.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\4s025j8kvaog.exe

Digital Signature
Signed by:
PKK OOO

Authority:
COMODO CA Limited

Valid from:
5/20/2015 3:00:00 AM

Valid to:
5/20/2016 2:59:59 AM

Subject:
CN=PKK OOO, O=PKK OOO, STREET=103 ul.Krasnoarmeiskaya, L=Bryansk, S=Bryansk Region, PostalCode=241037, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009C395A86D91DA63BAC9CEF694A772B43

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x8599B

Entry point:
E9, 96, 2D, 00, 00, 23, 5D, DF, D1, AB, 01, 35, 58, E1, 58, 89, DD, 51, 2E, 74, 08, 10, 84, 55, A0, 52, 06, DC, D0, B2, 62, FA, 5A, 48, 10, C2, 96, 4C, 08, DA, 4E, 7E, 42, 64, F4, 4A, 52, C3, 9B, 78, 7C, AD, 72, 74, BD, B9, F9, 37, 47, D4, 6A, 4B, 14, 75, 54, 3F, 8D, AA, 49, 32, DD, 9B, BA, 05, EE, EE, 76, F8, E8, DE, AE, F8, 48, 4D, AB, 72, 50, 66, F3, DA, 6B, BF, 45, F5, FA, 7D, DC, CE, F5, 62, 20, 51, 7B, 57, 70, 6B, A5, 82, F6, CD, 73, D3, 57, 9E, EC, 82, 03, 1C, D5, A3, C5, 84, 80, BF, 37, 2F, 2D, E5...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
441 KB (451,584 bytes)

Remove 4s025j8kvaog.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.