» assist by aol pc scan.exe
Overview
Analysis
File Details
Downloads (2)

assist by aol pc scan.exe

Assist by AOL PC Scan

Sutherland Global Services, Inc.

The application assist by aol pc scan.exe, “AOL Help Me Free PC Performance and Virus Quick Scan ” by Sutherland Global Services has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from sgsaolfrescanprod.elasticbeanstalk.com and multiple other hosts.

File name:

Publisher:

Sutherland Global Services Inc (signed by Sutherland Global Services, Inc.)

Product:

Assist by AOL PC Scan

Description:

AOL Help Me Free PC Performance and Virus Quick Scan

Version:

1.0.0.9

MD5:

0a7ef132f2a6cb2da59d3359a2a9faa2

SHA-1:

6da27aa74d790b70e882141a35e5c0a1fd15ee48

SHA-256:

7157336b6d1001b860dfd86fec138671b1e0c5d5a397248101fd42cb66389c9e

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 8:17:46 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Qhost.zka

7.11.30.172

Comodo Security

TrojWare.Win32.TrojanDropper.Agent.PNA

23405

Dr.Web

Program.Unwanted.173

9.0.1.025

File size:

6.2 MB (6,504,016 bytes)

Product version:

1.0.0.9, 0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\assist by aol pc scan.exe

Digital Signature

Signed by:

Sutherland Global Services, Inc.

Authority:

VeriSign, Inc.

Valid from:

8/28/2014 8:00:00 PM

Valid to:

9/27/2017 7:59:59 PM

Subject:

CN="Sutherland Global Services, Inc.", O="Sutherland Global Services, Inc.", L=Rochester, S=New York, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1B8951C280D403A3BAB4935A6666A037

File PE Metadata

Compilation timestamp:

11/3/2013 10:38:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

98304:t+Jp8fXhTYDsO4+D3juVu5ISuhmJe7vWhHT85TxgyozFb7eW03ctod+e2Q6:t+oXhcsO4+DzuVRzRLeHTeTqntBI6

Entry address:

0x181DD

Entry point:

E8, DA, 3E, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, F8, A4, 42, 00, E8, 79, F9, FF, FF, 6A, 0E, E8, AD, 1C, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, C4, 06, 43, 00, BA, C0, 06, 43, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, B4, F2, FF, FF, 59, FF, 76, 04, E8, AB, F2, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 68, F9, FF, FF, C3, 8B, D0, EB, C5, 6A, 0E, E8, 78, 1B, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC... 
[+]

Entropy:

7.9870 (probably packed)

Code size:

134 KB (137,216 bytes)

The file assist by aol pc scan.exe has been seen being distributed by the following 2 URLs.

http://sgsaolfrescanprod.elasticbeanstalk.com/

http://sgsaolfrescanprod.elasticbeanstalk.com/?emailid=imstampman6@aol.com&ncid=txtlnkusaolp00001736

Remove assist by aol pc scan.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.