checker.exe

Buttons Application

M/s Tech AnB

The application checker.exe by M/s Tech AnB has been detected as adware by 11 anti-malware scanners. It is also typically executed from the user's temporary directory.
Publisher:
M/s Tech AnB  (signed and verified)

Product:
Buttons Application

Description:
Check Status

Version:
1, 0, 0, 1

MD5:
0f2e077364de8b588d2283644296a5e1

SHA-1:
717b8f454bb456d6e0d4bae6aabf6928d37135e2

SHA-256:
9de5a63f339d8d35186e49068b540aecf1e67d22e2dee04b7a78ba8548920596

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
12/24/2024 12:51:15 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Graftor.164391
730

Baidu Antivirus
Backdoor.Win32.Androm
4.0.3.1524

Bitdefender
Gen:Variant.Graftor.164391
1.0.20.175

Fortinet FortiGate
W32/Androm.FMAX!tr.bdr
2/4/2015

F-Secure
Gen:Variant.Graftor.164391
11.2015-04-02_4

G Data
Gen:Variant.Graftor.164391
15.2.24

Kaspersky
Backdoor.Win32.Androm
14.0.0.2537

MicroWorld eScan
Gen:Variant.Graftor.164391
16.0.0.105

Reason Heuristics
PUP.DoubleOpt Media
15.2.4.13

Trend Micro House Call
Suspicious_GEN.F47V1122
7.2.35

Vba32 AntiVirus
Backdoor.Androm
3.12.26.3

File size:
886.5 KB (907,744 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2003

Original file name:
Buttons.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\checker.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/9/2014 6:00:00 PM

Valid to:
2/10/2015 5:59:59 PM

Subject:
CN=M/s Tech AnB, O=M/s Tech AnB, STREET="Plot No. F-125,", STREET="Sector 74,", STREET="Industrial Area, Phase 8B", L=Mohali, S=Punjab, PostalCode=160071, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C12161D8036677E0A09B9580299D979F

File PE Metadata
Compilation timestamp:
11/14/2014 5:50:22 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:pUVZWL+QZAqo6jaRC63Q/QZ2Z21HBr4oMa:pXLXZAqojo6A/sJBUPa

Entry address:
0x4820C

Entry point:
E8, 70, CA, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 70, 10, 49, 00, E8, DA, 39, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, E0, BC, 49, 00, 77, 22, 6A, 04, E8, 73, CC, 00, 00, 59, 83, 65, FC, 00, 56, E8, D5, D9, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, E6, 39, 00, 00, C3, 6A, 04, E8, 56, CB, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 83, 3D, 34, A9, 49, 00, 00, 75, 18, E8, A6, BF, 00, 00, 6A, 1E, E8, CE, BD, 00, 00, 68, FF, 00, 00, 00, E8, 3C, 03, 00, 00, 59, 59, A1...
 
[+]

Entropy:
7.0051

Code size:
476 KB (487,424 bytes)

Remove checker.exe - Powered by Reason Core Security