dream knight_1949733.exe

downloder assist

GRAND MEDIA LLC

The executable dream knight_1949733.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
cns.digital  (signed by GRAND MEDIA LLC)

Product:
downloder assist

Version:
2.1.0.1

MD5:
fb1ea2a403005955d71eaff9de9020e5

SHA-1:
82756f5a8f5c8c7938c1e64e1d80f00fa2f29405

SHA-256:
ab18b8ec88bfff398aaa0731e4fb00198d0086cb819fa33bf637722e0942b108

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/27/2024 9:37:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.4.9

File size:
917.3 KB (939,272 bytes)

Product version:
2.1.0.1

Copyright:
mediahit.org (C) 2015

Original file name:
assist

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dream knight_1949733.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/12/2015 6:00:00 AM

Valid to:
3/12/2016 5:59:59 AM

Subject:
CN=GRAND MEDIA LLC, O=GRAND MEDIA LLC, STREET="office 4, 74, Velyka Arnautska street", L=Odesa, S=Odeska, PostalCode=65045, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB4D6451840481B470CABBD55471AA0

File PE Metadata
Compilation timestamp:
5/26/2015 11:58:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x1000

Entry point:
B8, B8, 9C, 66, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 43, DD, 6C, 35, 28, FE, F2, 77, 11, A4, B1, 2D, A1, 8A, A2, BA, 9F, 26, 41, 79, F7, FD, AF, 76, A5, 34, 54, B5, 76, 0B, 2B, 93, 78, 19, FB, 21, 81, 5C, 63, 46, 56, 0C, 6F, BE, D7, 9B, 9D, B4, 7B, 77, 17, 0C, 2D, 03, 04, 18, 2A, D6, 47, DA, FC, 8F, D8, 86, DD, DA, B4, AD, EA, B6, 04, 61, 6F, 79, 56, EF, 21, C5, C9, 39, 99, 0C, 4B, 9A, 90, 44, 77, F3, 99, 1A, 68, F0, 53...
 

Packer / compiler:
PECompact v2

Code size:
1.5 MB (1,617,920 bytes)

Windows Firewall Allowed Program
Name:
dream knight_1949733.exe

