daemon2.exe

IT CONSULT LLC

The application daemon2.exe by IT CONSULT has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Daemon’.
Publisher:
Daemon  (signed by IT CONSULT LLC)

Product:
Daemon

Version:
1.0.0.1

MD5:
016a6ae58436c9e486a56d0d39c980aa

SHA-1:
1d8432d3f2cc42a90d61fd117de0e770002c7ba2

SHA-256:
15c106267cc973f1cf61698bf54cd3ffb59cbf266710e3bb3967252c9b67f874

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 3:27:07 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.ITCONSUL (M)

Engine version:
16.7.3.16

File size:
215.2 KB (220,320 bytes)

Product version:
1.0.0.1

Copyright:
(c) Daemon

Original file name:
daemon2.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\daemon2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/6/2015 4:00:00 PM

Valid to:
12/6/2016 3:59:59 PM

Subject:
CN=IT CONSULT LLC, OU=IT, O=IT CONSULT LLC, STREET="prov. Okhtyrskyy, 7", L=Kyyiv, S=Kyyiv, PostalCode=03022, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D5D544D7B91FA5FC0ED6FC17A58E809E

File PE Metadata
Compilation timestamp:
2/8/2016 5:08:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3072:0ir85ClmQC2mCEpu4AQHDWeHyreJHBaj9dwTLj9FigVUItvAUUa5nls4rM:0q9auHCDWHeGjYj3SIOUUa52T

Entry address:
0x8CCE

Entry point:
76, 61, 70, 69, 33, 32, 2E, 64, 6C, 6C, 00, 00, 00, 00, 52, 65, 67, 53, 65, 74, 56, 61, 6C, 75, 65, 45, 78, 41, 00, 00, 00, 00, 52, 65, 67, 4F, 70, 65, 6E, 4B, 65, 79, 45, 78, 41, 00, 00, 00, 52, 65, 67, 43, 6C, 6F, 73, 65, 4B, 65, 79, 00, 6B, 65, 72, 6E, 65, 6C, 33, 32, 2E, 64, 6C, 6C, 00, 00, 00, 00, 57, 72, 69, 74, 65, 46, 69, 6C, 65, 00, 00, 00, 57, 69, 6E, 45, 78, 65, 63, 00, 00, 00, 53, 65, 74, 46, 69, 6C, 65, 50, 6F, 69, 6E, 74, 65, 72, 00, 00, 00, 00, 53, 65, 74, 46, 69, 6C, 65, 41, 74, 74, 72, 69...
 

Code size:
108.5 KB (111,104 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Daemon

Command:
"C:\users\{user}\appdata\roaming\daemon2.exe"

