5596b4e010aa.exe

tal ltd

The application 5596b4e010aa.exe by tal ltd has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CrashMon’.

Publisher:
tal ltd (signed and verified)

MD5:
708760f576b7901791db24367c60d22e

SHA-1:
f5756bb46ac024d9a7d9f93460c5f5ec6313bc13

SHA-256:
44d6a7ca87e81a94e60964953191ff18129d8320c43667a7875eb11c572ac470

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
11/30/2024 9:11:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.tal (M)

Engine version:
16.5.13.1

File size:
408.6 KB (418,368 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\0ca45c95134d\5596b4e010aa.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/3/2014 2:00:00 AM

Valid to:
8/4/2015 1:59:59 AM

Subject:
CN=tal ltd, O=tal ltd, STREET=22-24 Mayor Parvan Toshev str, L=sofia, S=bulgaria, PostalCode=1000, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
78499DB2D1D10A05A9078A2DD520E0AA

File PE Metadata
Compilation timestamp:
11/5/2014 5:18:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:xCPUdBMg5rDC774RDG3i+VMowPCY45+VoWhQTdPIc4riEuIOqr5BXroQk+viZShL:tdBX/+iX45WW34rhr5RdiU9Cob

Entry address:
0x11CAD

Entry point:
6F, 74, 2E, 63, 6F, 6D, 26, 71, 75, 6F, 74, 3B, 2C, 26, 71, 75, 6F, 74, 3B, 69, 73, 74, 6C, 64, 26, 71, 75, 6F, 74, 3B, 3A, 74, 72, 75, 65, 2C, 26, 71, 75, 6F, 74, 3B, 61, 61, 74, 26, 71, 75, 6F, 74, 3B, 3A, 31, 2C, 26, 71, 75, 6F, 74, 3B, 6F, 26, 71, 75, 6F, 74, 3B, 3A, 37, 37, 37, 36, 30, 30, 30, 30, 30, 7D, 2C, 7B, 26, 71, 75, 6F, 74, 3B, 64, 6F, 6D, 61, 69, 6E, 26, 71, 75, 6F, 74, 3B, 3A, 26, 71, 75, 6F, 74, 3B, 74, 68, 65, 66, 69, 72, 73, 74, 72, 6F, 77, 61, 70, 70, 26, 71, 75, 6F, 74, 3B, 2C, 26, 71...

Code size:
312.5 KB (320,000 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CrashMon

Command:
"C:\Program Files\0ca45c95134d\5596b4e010aa.exe" "universalupdater" "httC:\log.data-url.com\crash\"

Remove 5596b4e010aa.exe - Powered by Reason Core Security