» besiege__7934_il7889.exe
Overview
Analysis
File Details

besiege__7934_il7889.exe

House Solutions Env

Grand Tekhniks, TOV

The application besiege__7934_il7889.exe, “House Environment Pro” by Grand Tekhniks, TOV has been detected as a potentially unwanted program by 6 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

House Solutions Limited (signed by Grand Tekhniks, TOV)

Product:

House Solutions Env

Description:

House Environment Pro

Version:

4.1.2.1

MD5:

bdeab98011336166a06866a090b8fde7

SHA-1:

9915f71dad8457f8f013f074e78a797c143c1219

SHA-256:

1d6e503e09337e1b346ccac428d9e895a9268f5faccfb95ae81c25e4c962f18e

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 7:23:48 PM UTC (today)

Scan engine

Detection

Engine version

Emsisoft Anti-Malware

Gen:Variant.Strictor.110151

16.07.13

ESET NOD32

Win32/Amonetize.VR potentially unwanted application

8.0.319.0

Kaspersky

not-a-virus:Downloader.Win32.AdLoad

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.225.1333.0

Reason Heuristics

PUP.Amonetize.GrandTek (M)

16.7.13.19

VIPRE Antivirus

Threat.4150696

50516

File size:

932.7 KB (955,107 bytes)

Product version:

4.1.2.1

Original file name:

pref.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\besiege__7934_il7889.exe

Digital Signature

Signed by:

Grand Tekhniks, TOV

Authority:

COMODO CA Limited

Valid from:

6/28/2016 12:00:00 AM

Valid to:

6/28/2017 11:59:59 PM

Subject:

CN="Grand Tekhniks, TOV", OU=IT, O="Grand Tekhniks, TOV", STREET="Vulytsya Dvadtsyat Tretogo Serpnya, 31 B", L=Kharkiv, S=Kharkivska, PostalCode=49000, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

3EA2C2E2F5E3A5F3FD32C4FF511868D8

File PE Metadata

Compilation timestamp:

7/10/2016 5:09:05 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:zh7LzoJDgtaZutD/GKHg/yvWVXDRFjOG3pZqe/NqHw/gPgtibuNXcbh:lrYGyutD/GKHg6uVdxOGXHa0goSOsbh

Entry address:

0x19F5

Entry point:

E8, 77, 1B, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, FF, 15, 5C, C0, 41, 00, 6A, 01, A3, 44, 52, 42, 00, E8, 61, 24, 00, 00, FF, 75, 08, E8, 9E, 21, 00, 00, 83, 3D, 44, 52, 42, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 47, 24, 00, 00, 59, 68, 09, 04, 00, C0, E8, 6C, 21, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 20, 5B, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 28, 50, 42, 00, 89, 0D, 24, 50, 42, 00, 89, 15, 20, 50, 42, 00, 89, 1D, 1C, 50, 42, 00, 89, 35, 18, 50, 42, 00, 89, 3D, 14... 
[+]

Entropy:

7.0354

Code size:

107 KB (109,568 bytes)

Remove besiege__7934_il7889.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.