» 691a7efb-2f78-426d-802e-cca599c038c1.exe
Overview
Analysis
File Details
Programs (1)
Downloads (2)

691a7efb-2f78-426d-802e-cca599c038c1.exe

Content Protector

LLC

The application 691a7efb-2f78-426d-802e-cca599c038c1.exe, “Content Protector Setup” by LLC has been detected as adware by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program ContentProtector by Artex Management S. A.. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dysy.storial.ru and multiple other hosts.

File name:

Publisher:

"Artex Management S. A." (signed by LLC )

Product:

Content Protector

Description:

Content Protector Setup

Version:

2.0.0.1

MD5:

f65f69a96eea09eedd94881c335577cc

SHA-1:

68f527876a9c814428dd2dafff3a7f2d06c85df4

SHA-256:

b93a8fedd37b6737ce4bb7edc8958e05056883f72f0e23938afcf8c62ee87e2f

Scanner detections:

3 / 68

Status:

Adware

Analysis date:

11/15/2024 11:48:07 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/RiskWare.NetFilter.W application

8.0.319.0

Kaspersky

not-a-virus:NetTool.Win64.NetFilter

15.0.0.562

Reason Heuristics

PUP.Amonitize.ArtexMan.Installer (M)

16.3.12.13

File size:

6 MB (6,254,424 bytes)

Product version:

2.0.0.1

Original file name:

ConProtSe.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\691a7efb-2f78-426d-802e-cca599c038c1.exe

Digital Signature

Signed by:

LLC

Authority:

COMODO CA Limited

Valid from:

11/10/2015 2:00:00 AM

Valid to:

11/10/2016 1:59:59 AM

Subject:

CN="LLC ""IT-PROF""", OU=IT, O="LLC ""IT-PROF""", STREET="prosp. Heroyiv Stalinhrada, 48", L=Kiev, S=Kiev, PostalCode=04213, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

7B1E28BB38088B1862D9E29DE894FEEB

File PE Metadata

Compilation timestamp:

3/11/2016 5:48:42 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:/LfzzlMbJGa2kqoTIdEFK6+ZqEKB+jF45qveSVjOZ2qWqX9a6WH3mXttGHilhBeU:i2iIQB+j+Q3tfqta6lPhfz1

Entry address:

0x13262

Entry point:

E8, 46, 52, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 98, 48, 42, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 98, 48, 42, 00, 8B, 00, 89, 41, 04, 8B, C1, C6, 41, 08, 00, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, 98, 48, 42, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 98, 48, 42, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08... 
[+]

Code size:

129 KB (132,096 bytes)

The file 691a7efb-2f78-426d-802e-cca599c038c1.exe has been discovered within the following program.

ContentProtector by Artex Management S. A.

About 3% of users remove it

The file 691a7efb-2f78-426d-802e-cca599c038c1.exe has been seen being distributed by the following 2 URLs.

http://dysy.storial.ru/installs/.../5a5fec3c.exe

http://gils.clothere.ru/installs/.../5a5fec3c.exe

Remove 691a7efb-2f78-426d-802e-cca599c038c1.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.