52129c7b-6a33-44ee-87cd-e8913216e84d.exe

SmartSearchPanel

Artex Management S. A.

The application 52129c7b-6a33-44ee-87cd-e8913216e84d.exe, “SmartSearchPanel Setup” by Artex Management S. A., has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from syscos18.ru.
Publisher:
SmartSearch (signed by Artex Management S. A.)

Product:
SmartSearchPanel

Description:
SmartSearchPanel Setup

MD5:
4f6ab63c3bb7c241b2613bc7e7b052f3

SHA-1:
c950cdac82bf2e0107b138a96caa1b7c2c3d3d13

SHA-256:
8b698ce5ec1e5211ed1088a50bc193d017420b8ebf301bcb4eb1c4bacafec2e2

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 9:33:14 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2016.0.2978 |
| Bkav FE | W32.HfsAdware | 1.3.0.7237 |
| Dr.Web | Trojan.Zadved.107 | 9.0.1.0266 |
| Fortinet FortiGate | Adware/Agent | 9/23/2015 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.1385 |
| NANO AntiVirus | Trojan.Win32.Agent.dwzbcf | 0.30.24.3283 |
| Panda Antivirus | Generic Suspicious | 15.09.23.02 |
| Reason Heuristics | PUP.ArtexManagementSA.Installer (M) | 15.9.23.2 |

File size:
1.7 MB (1,795,976 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\52129c7b-6a33-44ee-87cd-e8913216e84d.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/3/2014 6:00:00 AM

Valid to:
10/4/2015 5:59:59 AM

Subject:
CN=Artex Management S. A., OU=Software Development, O=Artex Management S. A., STREET="50th Street , Global Plaza Tower, 19th Floor, Suite H", L=Panama City, PostalCode=12800, C=PA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DDAF970527F5B24C6E53754F76D21CC3

File PE Metadata
Compilation timestamp:
7/16/2015 7:24:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Vq5a0EsWonRjhBwLKg6ZmHSWRcBgAiDcEh8lK9fF81U:E51Vr2KgTHVRwgAzw9+1U

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 34, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 1E, D8, FF, FF, E8, 6D, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 33, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 54, 86...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file 52129c7b-6a33-44ee-87cd-e8913216e84d.exe has been seen being distributed by the following URL.
