{blocked}.exe

Pass Finder Setup

PassRevelator

The application {blocked}.exe by PassRevelator has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider.
Publisher:
Pass Revelator  (signed by PassRevelator)

Product:
Pass Finder Setup

Version:
1.0.0.0

MD5:
38c621df22d078ba40c0251ca8038fb7

SHA-1:
94a0ebec4aac2efb82626041a8dc5cf43f2c9c35

SHA-256:
8cf9968b27cf68912f579e6d5a4e9c2c30f998c81bfd24b71773de214d2e1c0c

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/16/2024 3:29:18 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2017.0.2798

Baidu Antivirus
Adware.Win32.Bbylon
4.0.3.16320

Comodo Security
UnclassifiedMalware
23690

ESET NOD32
Win32/Hoax.ArchSMS.ADT
10.12677

G Data
Win32.Application.Agent.FHMHN2
16.3.25

McAfee
Artemis!38C621DF22D0
5600.6454

NANO AntiVirus
Trojan.Win32.Babylon.csuksh
0.30.26.5051

Sophos
Generic PUA JE (PUA)
4.98

VIPRE Antivirus
Trojan.Win32.Generic
45642

File size:
2.3 MB (2,419,864 bytes)

Product version:
1.0.0.0

Copyright:
Pass Revelator

Original file name:
Pass_Finder_Setup

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\rar$ex00.014\pass_finder_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
10/29/2012 1:00:00 AM

Valid to:
10/30/2013 12:59:59 AM

Subject:
CN=PassRevelator, O=PassRevelator, STREET=1204 rue des Luats, L=Pannes, S=Totostate, PostalCode=45700, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DB90474AEADA7B3B5C99227DB0ED9622

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:AghXolANVdo6Lqi21TArTfobiG2uBLdignZ+LG4PUUJ:AgilAN7NLqIrTfk2uWNLGJc

Entry address:
0x204FB0

Entry point:
60, BE, 00, 90, 56, 00, 8D, BE, 00, 80, E9, FF, C7, 87, A4, 90, 1A, 00, 2F, 61, CC, 5C, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 4B, 2B, 20, 00, 57, 83, C3, 04, 53, 68, AA, BF, 09, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9...
 
[+]

Code size:
628 KB (643,072 bytes)

Remove {blocked}.exe - Powered by Reason Core Security