assistant_v3.exe

The application assistant_v3.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from i1.yourfilesdatak.asia and multiple other hosts.
MD5:
38f61d046e575971ed83c4f71accd132

SHA-1:
13d25bd999108af453134fc2ecce927db89d4a1f

SHA-256:
0e807fb345544c7640561348bee7c4fc29e5fd1c51dee66285bb1461b8892369

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:02:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.NRJ | 1141 |
| avast! | NSIS:SProtector-A [PUP] | 2014.9-131201 |
| AVG | Generic5 | 2014.0.3639 |
| Bitdefender | Adware.Agent.NRJ | 1.0.20.1675 |
| Bkav FE | W32.Clod46e.Trojan | 1.3.0.4562 |
| Comodo Security | Application.Win32.SProtect.GT | 17353 |
| Dr.Web | Adware.BGuard.11 | 9.0.1.0335 |
| Emsisoft Anti-Malware | Adware.Agent.NRJ | 8.13.12.01.10 |
| ESET NOD32 | Win32/SProtector | 7.9109 |
| F-Secure | Adware.Agent.NSJ | 11.2013-01-12_1 |
| G Data | Adware.Agent.NRJ | 13.12.22 |
| K7 AntiVirus | Riskware | 13.174.10347 |
| Malwarebytes | PUP.Optional.SProtect.A | v2013.12.01.10 |
| McAfee | Artemis!38F61D046E57 | 5600.7275 |
| MicroWorld eScan | Adware.Agent.NRJ | 14.0.0.1005 |
| Reason Heuristics | Unnamed.Threat.19 | 14.3.1.2 |
| Sophos | Generic PUA BD | 4.95 |
| Trend Micro House Call | TROJ_GEN.R0CBH0AHR13 | 7.2.335 |
| Trend Micro | ADW_SPROTECT | 10.465.01 |
| VIPRE Antivirus | Sprotector | 23828 |
| ViRobot | JS.A.Iframe.1531108 | 2011.4.7.4223 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
1.5 MB (1,531,108 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\assistant_v3.exe

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:suLWEWA4WjtiDGwIklC/2dt1Qwc8XXv5dZj4NLAy7a26VOKJn5sFWEWA4WjtiDGp:yE3dpiDxIPctLcqfZsNLf7S5sUE3dpiw

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file assistant_v3.exe has been seen being distributed by the following 8 URLs.

http://113.171.224.207/.../search_defender_166.exe