black.mass.2015.720p.hc.h_10924_i67986364_il345.exe

Google Chrome Portable

LLC BUDІMEKS

The application black.mass.2015.720p.hc.h_10924_i67986364_il345.exe by LLC BUDІMEKS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
PortableApps.com  (signed by LLC BUDІMEKS)

Product:
Google Chrome Portable

Version:
43.0.2357.134

MD5:
094aae97b06fe4b35650c632958cd851

SHA-1:
bf94a8d316c91ce3966ed81708c69df51db80948

SHA-256:
b767c1acff352873967c0d060635932882fe79699b58af68f6a41c892e2611b1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 7:44:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.Bundler (M)

Engine version:
17.2.26.11

File size:
1.4 MB (1,517,584 bytes)

Product version:
43.0.2357.134

Copyright:
2007-2015 PortableApps.com, PortableApps.com Installer 3.0.19.0

Trademarks:
PortableApps.com is a registered trademark of Rare Ideas, LLC.

Original file name:
GoogleChromePortable_43.0.2357.134_online.paf.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\more\black.mass.2015.720p.hc.h_10924_i67986364_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/27/2015 5:30:00 AM

Valid to:
8/27/2016 5:29:59 AM

Subject:
CN=LLC BUDІMEKS, O=LLC BUDІMEKS, STREET=Cvitna 34, L=Gorodockey area Galichani vilage, S=Lvovskaja, PostalCode=81523, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E9F1B23ADDECC133378F48EBB20F9E3D

File PE Metadata
Compilation timestamp:
10/6/2015 9:02:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1D3B75

Entry point:
68, 5A, 62, 38, 00, E8, 2C, F0, FF, FF, BE, F6, F8, B9, 6E, FF, 1E, 3F, CA, 2B, 6E, E5, 88, 51, A7, 03, 8D, DE, 97, CE, A3, F7, 7F, 38, 1F, 15, 97, 91, 2C, F3, A0, 18, 11, 55, 5B, D5, 57, E0, 03, 19, 59, 61, 86, 3C, AC, BB, EC, CB, C2, 43, AE, DD, D1, 13, 66, 02, C5, FD, 7E, CE, 7E, 64, 99, 29, B5, 68, 19, 28, AB, D1, 01, 6F, 96, AF, 43, 33, E3, FB, 97, D2, C4, 88, 51, 03, 28, C4, 3E, 2B, D9, AF, C8, E2, 64, 64, 8D, B3, 22, B7, 47, 00, BD, 3A, 33, 03, E1, E3, FB, D2, 71, 75, F1, 44, A1, 45, 28, 44, 73, 20...
 

Entropy:
7.9739  (probably packed)

Code size:
1.3 MB (1,411,072 bytes)