badf2d87-87cc-4510-9d85-451779f9718a.exe

Content Protector

LLC

The application badf2d87-87cc-4510-9d85-451779f9718a.exe, “Content Protector Setup” by LLC, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program ContentProtector by Artex Management S. A. It is also typically executed from the user's temporary directory.
Publisher:
"Artex Management S. A." (signed by LLC)

Product:
Content Protector

Description:
Content Protector Setup

Version:
2.0.0.1

MD5:
8631a35533a842af2f6053f25be90d53

SHA-1:
be56f47e94f56e927358d2713eec5b66a8c7316b

SHA-256:
1e6195a56d00b1776e0e43d5acf4dbf31631a7d9bd9e037e8b66a117fbc23ea9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/15/2024 3:52:56 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonitize.ArtexMan.Installer (M)

Engine version:
16.4.24.15

File size:
6 MB (6,278,336 bytes)

Product version:
2.0.0.1

Copyright:
Copyright: (c) "Artex Management S. A.". All rights reserved.

Original file name:
ConProtSe.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\badf2d87-87cc-4510-9d85-451779f9718a.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/10/2015 3:00:00 AM

Valid to:
11/10/2016 2:59:59 AM

Subject:
CN="LLC ""IT-PROF""", OU=IT, O="LLC ""IT-PROF""", STREET="prosp. Heroyiv Stalinhrada, 48", L=Kiev, S=Kiev, PostalCode=04213, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7B1E28BB38088B1862D9E29DE894FEEB

File PE Metadata
Compilation timestamp:
4/19/2016 4:02:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:A4lHEr3YVjYIhv2NvrAaKVMF8m3rbF23zCJlWea7cRA73kf3Uscl9Gv73rbFFwXZ:y3YhROtMaKWaeLlO7cE3AUscArQhT

Entry address:
0xF064

Entry point:
E8, 17, 45, 00, 00, E9, 73, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 1C, CD, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 44, B1, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 1C, CD, 42, 00, 00, 0F, 83, A7, 01, 00, 00...
 

Code size:
121 KB (123,904 bytes)

The file badf2d87-87cc-4510-9d85-451779f9718a.exe has been discovered within the following program.

ContentProtector by Artex Management S. A.
About 3% of users remove it
 