christv online.exe

ChrisTV Online!

Chris P.C. srl

The application christv online.exe by Chris P.C. srl has been detected as a potentially unwanted program by 12 anti-malware scanners. While running, it connects to the Internet address server2.pgware.com on port 80 using the HTTP protocol.
Publisher:
Chris P.C. srl  (signed and verified)

Product:
ChrisTV Online!

Version:
10.0.70.503

MD5:
ddac207bc42e72e5e10521f14532331f

SHA-1:
7ecf573689aadb3c8982e2fbbf4aaa8f73e9d4ed

SHA-256:
1daebe9da604c01cfe784ac9c06f34bc9222a695042f6aa3f05e06470a05f9ae

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 4:37:37 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win32/Kashu.E | 2014.10.31
avast! | Win32:SaliCode | 2014.9-141219
Bkav FE | HW32.CDB | 1.3.0.4246
K7 AntiVirus | Virus | 13.185.13853
Microsoft Security Essentials | Threat.Undefined | 1.187.750.0
Norman | Sality.ZHB | 11.20141219
Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015
Reason Heuristics | PUP.ChrisPCsrl.O | 14.7.22.22
Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.141217
Trend Micro House Call | TROJ_GEN.F47V0930 | 7.2.203
Trend Micro | PE_SALITY.RL | 10.465.19
VIPRE Antivirus | Threat.4721115 | 34232

File size:
1.5 MB (1,603,048 bytes)

Product version:
10.00

Copyright:
Chris P.C. srl

Trademarks:
Chris P.C. srl

File type:
Executable application (Win32 EXE)

Language:
Romanian (Romania)

Common path:
C:\Program Files\christv online free edition\christv online.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/7/2013 5:00:00 PM

Valid to:
1/8/2016 4:59:59 PM

Subject:
CN=Chris P.C. srl, O=Chris P.C. srl, STREET=Nicolae Cristea 25/8, L=Cluj-Napoca, S=Cluj, PostalCode=400184, C=RO

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
319A47CF0068FDF122C7AC1163A961B8

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:yLz37DCfN1E/qp0+aWcxTVJChagkDVxCdGCNZQ46LX4qYo4qgZ35:y3DPip0rTw4xSxNZQ4uYo4qgN5

Entry address:
0x3A3CF0

Entry point:
60, BE, 00, 70, 62, 00, 8D, BE, 00, A0, DD, FF, C7, 87, CC, 60, 25, 00, 83, 59, 15, 97, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.9084

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
1.5 MB (1,560,576 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to server2.pgware.com  (162.246.58.237:80)
