5cqfdfvymabb.exe

Proxomitron

SBIS

The application 5cqfdfvymabb.exe by SBIS has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.

Publisher:
Groom-A-Zebu (tm)   (signed by SBIS)

Product:
Proxomitron

Description:
The Proxomitron

Version:
4, 5, 0, 4

MD5:
3126851fb8c37064309e8c3aa41c0207

SHA-1:
2c175d25a9555bfd554edc68295872fadf6e80cf

SHA-256:
d10b454792c022d6af2017f1710309c38d8967aa129ac7e070dbf45860bd5598

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/26/2024 7:51:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.22.18

File size:
619.4 KB (634,296 bytes)

Product version:
Naoko-4.5 2003-6-1

Copyright:
Copyright © 1999 - 2003 By Scott R. Lemmon

Trademarks:
Proxomitron, The, and the letters A-Z

Original file name:
Proxomitron.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\5cqfdfvymabb.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/3/2015 2:00:00 AM

Valid to:
5/3/2016 1:59:59 AM

Subject:
CN=SBIS, O=SBIS, STREET="PR-T MOSKOVSKIJ, 12", L=YAROSLAVL, S=YAROSLAVL REGION, PostalCode=150001, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009CA0BE54A9516364680AD45D6408C6A2

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x8B078

Entry point:
68, 28, 09, 7C, 7E, 60, C7, 44, 24, 20, D9, 03, 2B, 87, E8, DB, 51, FF, FF, 89, 18, E9, DB, 60, FF, FF, E9, 1F, 69, FF, FF, 0F, 93, C3, 80, C7, 39, F6, D7, 11, CB, 89, C3, E8, A8, 84, FF, FF, F7, C5, 85, 2F, E3, 5D, E8, 08, ED, FF, FF, 00, 00, 4C, 6F, 61, 64, 4C, 69, 62, 72, 61, 72, 79, 41, 00, 00, 00, 57, 53, 41, 43, 6C, 6F, 73, 65, 45, 76, 65, 6E, 74, 00, 0F, BD, C5, 89, D0, 8D, 64, 24, 20, 28, C8, B0, 06, 83, C7, 01, D2, C8, 30, D0, 8A, 07, 60, F8, 84, CE, 84, C0, E8, 0E, D8, FF, FF, 9C, E9, F8, CD, FF...

Entropy:
6.2895

Code size:
440.5 KB (451,072 bytes)
