aee67c42-5879-b52a-ae02-c271abf26d8f_1d1e81d3c86b682

RTK-TERMINAL

The file aee67c42-5879-b52a-ae02-c271abf26d8f_1d1e81d3c86b682 has been detected as malware by 1 anti-virus scanner. The file has been seen being downloaded from doc-0c-78-docs.googleusercontent.com.
Publisher:
CCO Ltd (signed by RTK-TERMINAL)

Version:
3.23.5.110m

MD5:
2cff6f73f5044d85a50418e12beb7b12

SHA-1:
82c03033b7ccd39d214398fef5154776a28b629a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 5:32:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.7.28.10

File size:
4.1 MB (4,293,696 bytes)

Product version:
3.23.5.110m

Original file name:
CCo.EXE

Language:
English (United States)

Common path:
C:\ProgramData\microsoft\microsoft antimalware\scans\filesstash\aee67c42-5879-b52a-ae02-c271abf26d8f_1d1e81d3c86b682

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/21/2016 6:00:00 AM

Valid to:
7/22/2017 5:59:59 AM

Subject:
CN=RTK-TERMINAL, O=RTK-TERMINAL, STREET="Rabochaja, 8", L=Belgorod, S=RU, PostalCode=308017, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008FE8A0659D9D5D697A9EBEE89E4559F7

The file aee67c42-5879-b52a-ae02-c271abf26d8f_1d1e81d3c86b682 has been seen being distributed by the following URL.