AdvancedSystemProtector.exe

ASP

Systweak Software

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Advanced System Protector_startup’.
Publisher:
Systweak Software  (signed and verified)

Product:
ASP

Version:
2.2.1000.22021

MD5:
8de440728b368b7d7ab01fd06a2eacda

SHA-1:
29cc9c2603c501989fc2265e018201f49aa7b625

SHA-256:
f3bd3a77f20ae24dfe3d1d1c98dee536066455923271e40bee3030dc723d644c

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/25/2024 12:09:34 PM UTC

Scan engine:
Dr.Web

Detection:
riskware program Program.Unwanted.1742

Engine version:
9.0.1.05190

File size:
6.4 MB (6,704,584 bytes)

Product version:
2.2.1000.22021

Copyright:
Copyright

Original file name:
AdvancedSystemProtector.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\asp\advancedsystemprotector.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
11/10/2016 1:00:00 AM

Valid to:
12/11/2017 12:59:59 AM

Subject:
CN=Systweak Software, O=Systweak Software, L=Jaipur, S=Rajasthan, C=IN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
45AC8048D659E21F46B79FC5BE3E1F8A

File PE Metadata
Compilation timestamp:
12/16/2016 7:31:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x65FE2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.4 MB (6,676,480 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Advanced System Protector_startup

Command:
"C:\Program Files\asp\advancedsystemprotector.exe" autolaunch


The executing file has been seen to make the following network communications in live environments.


Scan AdvancedSystemProtector.exe - Powered by Reason Core Security