conprotsetup.exe

Content Protector

LLC

The application conprotsetup.exe, “Content Protector Setup” by LLC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program ContentProtector by Artex Management S. A.. This file is typically installed with the program ContentProtector by Artex Management S. A..
Publisher:
"Artex Management S. A."  (signed by LLC )

Product:
Content Protector

Description:
Content Protector Setup

Version:
2.0.0.1

MD5:
7cfef67b2dcaa0d48de1bb7863e4d316

SHA-1:
160c5113b135aade34bb6909e159455787c9a9cc

SHA-256:
49230971e1acac25724789c98bbba6beb9a088f8a7b883a0720fb51db5b464e5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 4:33:24 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonitize.ArtexManagementSA.Installer (M)
16.2.21.20

File size:
6 MB (6,322,872 bytes)

Product version:
2.0.0.1

Copyright:
Copyright: (c) "Artex Management S. A.". All rights reserved.

Original file name:
ConProtSe.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\contentprotector\conprotsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/14/2016 2:00:00 AM

Valid to:
2/14/2017 1:59:59 AM

Subject:
CN="LLC ""TIMARKO IT""", OU=IT, O="LLC ""TIMARKO IT""", STREET="Vulytsya Lenina, Budynok 33, Korpus A, Ofis", L=Berezanka, S=Mykolayivska, PostalCode=57400, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAE91A6E10A17EB04E7058AC5F3C8447

File PE Metadata
Compilation timestamp:
2/20/2016 7:18:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
196608:l1szEWMPoPY+B+jqThw3qT9+DOzs0WPReB+jKxPKJEF:l1szEWLPYOhThwYZzslPQFxCy

Entry address:
0x13451

Entry point:
E8, 68, 9A, 00, 00, E9, 39, FE, FF, FF, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, DA, F8, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, C4, F8, FF, FF, CC, CC, CC, CC, 55, 8B, EC, 56, 8B, 75, 08, 57, 8B, 7D, 0C, 8B, 06, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 24, E9, FF, FF, 8B, 46, 08, 8B, 4E, 0C, 03, CF, 33, 0C, 38, 5F, 5E, 5D, E9, 11, E9, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55...
 
[+]

Code size:
227 KB (232,448 bytes)

Program Uninstaller
Program name:
ContentProtector

Display publisher:
Artex Management S. A.

Display version:
2.0

Uninstall string:
C:\Program Files\ContentProtector\ConProtSetup.exe uninst=1


The file conprotsetup.exe has been discovered within the following program.

ContentProtector  by Artex Management S. A.
About 3% of users remove it
 
Powered by Should I Remove It?

The file conprotsetup.exe has been seen being distributed by the following 3 URLs.

Remove conprotsetup.exe - Powered by Reason Core Security