assistant_v3.exe

The application assistant_v3.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from i1.stylezip.info, a web site host known to distribute potentially unwanted software operated by WEB PICK - INTERNET HOLDINGS LTD, and from multiple other hosts.
MD5:
63abae978757301e29c229e71d12f2e4

SHA-1:
b8730e24a08f7c1479a0301b875a760e077138c4

SHA-256:
23d8cbf71f96cf2597d1bda8f34ee2536ddf26adddf66b37f04a7201ecef330b

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:07:23 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Agent.3508736 | 7.11.129.216 |
| avast! | Win32:Malware-gen | 2014.9-140206 |
| AVG | Dropper.Generic_r | 2015.0.3595 |
| Baidu Antivirus | Adware.Win32.GTgroup | 4.0.3.14114 |
| Bkav FE | HW32.Stranacty | 1.3.0.4923 |
| Comodo Security | Application.Win32.Preload.A | 17740 |
| Dr.Web | Trojan.DownLoader9.10550 | 9.0.1.014 |
| G Data | Win32.Trojan.Agent.ZI35M1 | 14.2.24 |
| IKARUS anti.virus | Win32.Malware | t3scan.2.2.29 |
| McAfee | Artemis!63ABAE978757 | 5600.7251 |
| Norman | Suspicious_Gen7.FZC | 11.20140114 |
| Trend Micro House Call | TROJ_APPINIT.BMH | 7.2.14 |

File size:
3.3 MB (3,508,736 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\assistant_v3.exe

File PE Metadata
Compilation timestamp:
12/29/2013 10:39:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:zdKAuVXJDeqp57dLhnAYukpup+zujfs5+fiedY+ftD3JlZoO3xfRck36K+k0WnEG:cbJKI5Lhnw/2ujfE+06t3Zo69n0pT

Entry address:
0x39A20

Entry point:
E8, FA, BA, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 88, B7, 45, 00, E8, EA, 6C, 00, 00, E8, 46, 41, 00, 00, 0F, B7, F0, 6A, 02, E8, 8D, BA, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 37, 4D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
318.5 KB (326,144 bytes)

The file assistant_v3.exe has been seen being distributed by the following 4 URLs.

http://i1.stylezip.info/addons/dfndr/.../sprotector_x86_x64.exe
