Draughts.exe

BIZNES KONNEKT, OOO

The application Draughts.exe by BIZNES KONNEKT, OOO has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Draughts’.
Publisher:
Draughts (signed by BIZNES KONNEKT, OOO)

Product:
Draughts

Version:
2.0.0.1

MD5:
8b27d3bc2a96fac9b0fc0e8c601411a4

SHA-1:
b4cb1d9ef90e6324e9a9537f7117f969273abeb3

SHA-256:
6a3c35a0b51df10536f536250a2b768e224443339de866f0644e8e4fcd9e1126

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 9:19:38 AM UTC  (today)

Scan engine          Detection                  Engine version
Reason Heuristics    PUP.PUP.HomePageDef (M)    16.6.29.5

File size:
1.6 MB (1,722,064 bytes)

Product version:
2.0.0.1

Copyright:
(c) Draughts 2016

Original file name:
Draughts.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\checkers\draughts\draughts.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/17/2016 3:00:00 AM

Valid to:
5/18/2017 2:59:59 AM

Subject:
CN="BIZNES KONNEKT, OOO", O="BIZNES KONNEKT, OOO", STREET="Aviamotornaya street, 7", L=Moscow, S=Moscow, PostalCode=125438, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
65E5775EABE2EE9ECC613DBE3E631A7E

File PE Metadata
Compilation timestamp:
6/9/2016 2:52:40 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.71

CTPH (ssdeep):
6144:CuUdNMsvKQ+2+jVDphpkipB702WC8KHtP2rE0BJamW1qr+WJWmZWJCErpoByalVB:CwJVDphpNf7mC8QPluvH+WJgJCcSn

Entry address:
0x10B8

Entry point:
EB, 00, 60, 9C, E8, 37, 08, 00, 00, 83, F8, 00, 75, 14, E8, 1D, 27, 00, 00, 83, F8, 00, 75, 0A, 9D, 61, FF, 25, 86, 55, 40, 00, EB, 04, 9D, 61, EB, 00, 68, 00, 00, 00, 00, FF, 15, D0, 61, 40, 00, 55, 89, E5, 83, 7D, 0C, 00, 74, 56, 83, 7D, 10, 00, 74, 30, 68, 00, 00, 00, 00, 68, FF, FF, FF, FF, FF, 75, 0C, FF, 75, 10, E8, 03, 14, 00, 00, 83, F8, 00, 74, 07, 83, F8, 06, 74, 31, EB, 1F, B8, 00, 00, 00, 00, C9, C2, 14, 00, 90, 90, 90, 90, 90, 90, B8, 03, 00, 00, 00, C9, C2, 14, 00, 90, 90, 90, 90, 90, 90, 90...

Entropy:
2.8657

Code size:
12.5 KB (12,800 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Draughts

Command:
"C:\users\{user}\appdata\roaming\checkers\draughts\draughts.exe"


Remove Draughts.exe - Powered by Reason Core Security