condefsetup.exe

Content Defender

LLC

The application condefsetup.exe, “Content Defender Setup” by LLC has been detected as adware by 18 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from sendme13.ru.
Publisher:
"Artex Management S. A." (signed by LLC)

Product:
Content Defender

Description:
Content Defender Setup

Version:
1.7.0.1

MD5:
57ec32817c45c74f173be38e09fcfbb5

SHA-1:
acaf3d44d00e15cc1e4bda3b6b2d68dda6efe429

SHA-256:
8dcde570428dd812701fc5f2d3e2862e9ad444c87174d46b020613cc7b097ec7

Scanner detections:
18 / 68

Status:
Adware

Analysis date:
11/15/2024 9:56:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/CouponsAd.240 | 8.3.2.2 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-151021 |
| AVG | Generic | 2016.0.2976 |
| Dr.Web | Trojan.Zadved.183 | 9.0.1.0268 |
| Emsisoft Anti-Malware | Gen:Variant.Mikey.25610 | 8.15.10.21.03 |
| ESET NOD32 | Win32/RiskWare.NetFilter (variant) | 9.12296 |
| F-Secure | Gen:Variant.Mikey.25610 | 11.2015-21-10_4 |
| K7 AntiVirus | Unwanted-Program | 13.210.17326 |
| Kaspersky | not-a-virus:RiskTool.Win64.NetFilter | 14.0.0.1242 |
| Malwarebytes | PUP.Optional.ContentDefender | v2015.09.25.08 |
| Norman | Gen:Variant.Mikey.25610 | 11.20151021 |
| Panda Antivirus | Trj/Genetic.gen | 15.09.25.08 |
| Reason Heuristics | PUP.Amonitize.ArtexManagementSA.Installer (M) | 15.9.25.8 |
| Rising Antivirus | PE:Packer.Win32.Crypt.ek!1615884[F1] | 23.00.65.15923 |
| Sophos | Generic PUA IG (PUA) | 4.98 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.4 |
| VIPRE Antivirus | NetFilter | 44036 |

File size:
5.4 MB (5,623,624 bytes)

Product version:
1.7.0.1

Copyright:
Copyright (C) 2015

Original file name:
ConDefSe.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\condefsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/14/2015 3:00:00 AM

Valid to:
1/1/2016 2:59:59 AM

Subject:
CN="LLC ""YUNITEKH SOFT""", O="LLC ""YUNITEKH SOFT""", STREET="BASTIONNA str., 15", L=Kyyiv, S=Kyyiv, PostalCode=01014, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1EE1A5FD1A4E113F50CC79C1B5C0E6D3

File PE Metadata
Compilation timestamp:
9/23/2015 10:04:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
98304:kWx2g4+PjadbUfHaRe9xby8Kck/x5II5vQcBico+Coqr1e9yY:5QJbdY6183Yx5II5vQc0P3rq

Entry address:
0xAD36

Entry point:
E8, FA, 40, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 08, A2, 41, 00, 8D, 7D, E0, F3, A5, 8B, 75, 0C, 8B, 7D, 08, 85, F6, 74, 13, F6, 06, 10, 74, 0E, 8B, 0F, 83, E9, 04, 51, 8B, 01, 8B, 70, 18, FF, 50, 20, 89, 7D, F8, 89, 75, FC, 85, F6, 74, 0C, F6, 06, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, A8, 91, 41, 00, 5F, 5E, 8B, E5, 5D, C2, 08, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B...
 

Code size:
93 KB (95,232 bytes)

The file condefsetup.exe has been seen being distributed by the following URL.
