691a7efb-2f78-426d-802e-cca599c038c1.exe

Content Protector

LLC

The application 691a7efb-2f78-426d-802e-cca599c038c1.exe, “Content Protector Setup” by LLC, has been detected as adware by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program ContentProtector by Artex Management S. A. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dysy.storial.ru and multiple other hosts.
Publisher:
"Artex Management S. A."  (signed by LLC )

Product:
Content Protector

Description:
Content Protector Setup

Version:
2.0.0.1

MD5:
f65f69a96eea09eedd94881c335577cc

SHA-1:
68f527876a9c814428dd2dafff3a7f2d06c85df4

SHA-256:
b93a8fedd37b6737ce4bb7edc8958e05056883f72f0e23938afcf8c62ee87e2f

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/25/2024 5:48:22 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/RiskWare.NetFilter.W application | 8.0.319.0 |
| Kaspersky | not-a-virus:NetTool.Win64.NetFilter | 15.0.0.562 |
| Reason Heuristics | PUP.Amonitize.ArtexMan.Installer (M) | 16.3.12.13 |

File size:
6 MB (6,254,424 bytes)

Product version:
2.0.0.1

Copyright:
Copyright: (c) "Artex Management S. A.". All rights reserved.

Original file name:
ConProtSe.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\691a7efb-2f78-426d-802e-cca599c038c1.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/10/2015 2:00:00 AM

Valid to:
11/10/2016 1:59:59 AM

Subject:
CN="LLC ""IT-PROF""", OU=IT, O="LLC ""IT-PROF""", STREET="prosp. Heroyiv Stalinhrada, 48", L=Kiev, S=Kiev, PostalCode=04213, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7B1E28BB38088B1862D9E29DE894FEEB

File PE Metadata
Compilation timestamp:
3/11/2016 5:48:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:/LfzzlMbJGa2kqoTIdEFK6+ZqEKB+jF45qveSVjOZ2qWqX9a6WH3mXttGHilhBeU:i2iIQB+j+Q3tfqta6lPhfz1

Entry address:
0x13262

Entry point:
E8, 46, 52, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 98, 48, 42, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 98, 48, 42, 00, 8B, 00, 89, 41, 04, 8B, C1, C6, 41, 08, 00, 5D, C2, 08, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, 83, 66, 04, 00, C7, 06, 98, 48, 42, 00, C6, 46, 08, 00, E8, 12, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, 98, 48, 42, 00, E9, 96, 00, 00, 00, 55, 8B, EC, 56, 57, 8B, 7D, 08...
 

Code size:
129 KB (132,096 bytes)

The file 691a7efb-2f78-426d-802e-cca599c038c1.exe has been discovered within the following program.

ContentProtector  by Artex Management S. A.
About 3% of users remove it
 

The file 691a7efb-2f78-426d-802e-cca599c038c1.exe has been seen being distributed by the following 2 URLs.
