daemon2.exe

LLC

The application daemon2.exe by LLC has been detected as adware by 8 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Daemon’.
Publisher:
LLC   (signed and verified)

MD5:
f56c905d89d40c8ad266c9051cc313cf

SHA-1:
54a65c8316c349aa56532630a6f9f555a0224bb1

SHA-256:
9c0700fe207e9d119d4b4284abd976ad007d7bb9b2b7d9f23c472349b29a9e48

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/15/2024 3:37:19 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Crypt-SKC [Trj] | 160119-0 |
| Dr.Web | Trojan.StartPage1.23827 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.60305 | 10.0.0.5366 |
| ESET NOD32 | Win32/Neshta.D virus | 7.0.302.0 |
| McAfee | Virus.W32/HLLP.41472 | 18.0.204.0 |
| Norman | Gen:Variant.Symmi.60305 | 03.02.2016 07:38:05 |
| Reason Heuristics | PUP.Amonitize (M) | 16.2.5.11 |
| VIPRE Antivirus | Threat.4297522 | 46908 |

File size:
247.7 KB (253,616 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\daemon2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/7/2015 12:00:00 AM

Valid to:
12/6/2016 11:59:59 PM

Subject:
CN="LLC ""IT LANCE""", OU=IT, O="LLC ""IT LANCE""", STREET="vul. Suzdalski Ryady, 9, ofis 602", L=Kharkiv, S=Kharkivska, PostalCode=61012, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
48EA255A48CA9D4FA7FF88EAFD04CA8D

File PE Metadata
Compilation timestamp:
1/18/2016 6:33:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3072:8iqr85Ctv4QC2mCHJ9IjvXmfXyM5aV8QvrHNEv4VCd0t0x0iz7ZGa5MuR0iz7ZGL:8iS9t5u7Xmv6s44d02CiIa69iIa61

Entry address:
0x885C

Entry point:
80, 54, 01, 00, 5C, 51, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, CC, 54, 01, 00, 70, 51, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 55, 01, 00, 80, 51, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F6, 56, 01, 00, F4, 51, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C4, 57, 01, 00, 28, 52, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 38, 58, 01, 00, 4C, 52, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Code size:
101.5 KB (103,936 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Daemon

Command:
"C:\users\{user}\appdata\roaming\daemon2.exe"

