» conprotsetup.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (3)

conprotsetup.exe

Content Protector

LLC

The application conprotsetup.exe, “Content Protector Setup” by LLC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This is the uninstaller utility registered in the Windows Control Panel for the program ContentProtector by Artex Management S. A.. This file is typically installed with the program ContentProtector by Artex Management S. A..

File name:

conprotsetup.exe

Publisher:

"Artex Management S. A." (signed by LLC )

Product:

Content Protector

Description:

Content Protector Setup

Version:

2.0.0.1

MD5:

7cfef67b2dcaa0d48de1bb7863e4d316

SHA-1:

160c5113b135aade34bb6909e159455787c9a9cc

SHA-256:

49230971e1acac25724789c98bbba6beb9a088f8a7b883a0720fb51db5b464e5

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/15/2024 11:31:44 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonitize.ArtexManagementSA.Installer (M)

16.2.21.20

File size:

6 MB (6,322,872 bytes)

Product version:

2.0.0.1

Original file name:

ConProtSe.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\contentprotector\conprotsetup.exe

Digital Signature

Signed by:

LLC

Authority:

COMODO CA Limited

Valid from:

2/14/2016 2:00:00 AM

Valid to:

2/14/2017 1:59:59 AM

Subject:

CN="LLC ""TIMARKO IT""", OU=IT, O="LLC ""TIMARKO IT""", STREET="Vulytsya Lenina, Budynok 33, Korpus A, Ofis", L=Berezanka, S=Mykolayivska, PostalCode=57400, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00AAE91A6E10A17EB04E7058AC5F3C8447

File PE Metadata

Compilation timestamp:

2/20/2016 7:18:37 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

196608:l1szEWMPoPY+B+jqThw3qT9+DOzs0WPReB+jKxPKJEF:l1szEWLPYOhThwYZzslPQFxCy

Entry address:

0x13451

Entry point:

E8, 68, 9A, 00, 00, E9, 39, FE, FF, FF, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, DA, F8, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, C4, F8, FF, FF, CC, CC, CC, CC, 55, 8B, EC, 56, 8B, 75, 08, 57, 8B, 7D, 0C, 8B, 06, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 24, E9, FF, FF, 8B, 46, 08, 8B, 4E, 0C, 03, CF, 33, 0C, 38, 5F, 5E, 5D, E9, 11, E9, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55... 
[+]

Code size:

227 KB (232,448 bytes)

Program Uninstaller

Program name:

ContentProtector

Display publisher:

Artex Management S. A.

Display version:

2.0

Uninstall string:

C:\Program Files\ContentProtector\ConProtSetup.exe uninst=1

The file conprotsetup.exe has been discovered within the following program.

ContentProtector by Artex Management S. A.

About 3% of users remove it

The file conprotsetup.exe has been seen being distributed by the following 3 URLs.

http://dysy.storial.ru/installs/.../895d8c2b.exe

http://getcontentdefender.com/installer.exe

http://dysy.storial.ru/installs/.../08e8fe0a.exe

Remove conprotsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.