6c35a36e-3610-4c3f-b618-c315b9dbe3fd_withoutzoneid.exe

Content Defender

Artex Management S.A.

The application 6c35a36e-3610-4c3f-b618-c315b9dbe3fd_withoutzoneid.exe, “Content Defender Setup” by Artex Management S.A., has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer of a kind that has been known to bundle potentially unwanted software. The file has been seen being downloaded from syscos18.ru.
Publisher:
"Artex Management S. A." (signed by Artex Management S.A.)

Product:
Content Defender

Description:
Content Defender Setup

Version:
1.6.0.1

MD5:
8d109373c3916ca936a086528bd8efb9

SHA-1:
452cac909a518fd23754958f0086c0fd118e7d85

SHA-256:
af0b2b81c65f85e90aa5b01ac771c6ca8aa65da4d73369cc66bf4c896889f605

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 9:31:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ContentDefender.Optional.Installer.Meta (M)

Engine version:
15.10.10.10

File size:
5.4 MB (5,665,984 bytes)

Product version:
1.6.0.1

Copyright:
Copyright (C) 2015

Original file name:
ConDefSe.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\6c35a36e-3610-4c3f-b618-c315b9dbe3fd_withoutzoneid.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/13/2015 4:00:00 AM

Valid to:
12/31/2015 2:59:59 AM

Subject:
CN=Artex Management S.A., OU=dev, O=Artex Management S.A., STREET="50th Street , Global Plaza Tower, 19th Floor, Suite H", L=Panama City, S=Outside United States, PostalCode=0834, C=PA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0085DAD9C9A9442461B37820CC56A5D533

File PE Metadata
Compilation timestamp:
9/4/2015 8:14:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:hzLq5bqTdJMNvrAaKVM4WuacQOZqcHgzcdmL7cQ8Lecc1ts//4DDO1:Wo6tMaKW8yOZqcHgKm/c9ecI8

Entry address:
0xC2FE

Entry point:
E8, 9A, 4F, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, DA, F8, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, C4, F8, FF, FF, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, 20, 44, 42, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, 49, EA, FF, FF, 8B, 47, 08, 8B, 4F, 0C, 03...

Code size:
98.5 KB (100,864 bytes)

The file 6c35a36e-3610-4c3f-b618-c315b9dbe3fd_withoutzoneid.exe has been seen being distributed by the following URL.