» EasySpeedCheck.exe
Overview
Analysis
File Details
Programs (1)
Network (4)

EasySpeedCheck.exe

EasySpeedCheck

Probit Software LTD

The application EasySpeedCheck.exe by Probit Software has been detected as a potentially unwanted program by 4 anti-malware scanners. This file is typically installed with the program Easy Speed Check by Probit Software LTD which is a potentially unwanted software program.

File name:

EasySpeedCheck.exe

Publisher:

Probit Software LTD (signed and verified)

Product:

EasySpeedCheck

Version:

1.1.3.0

MD5:

ef772c6768ae6e86b6c9216c71da4001

SHA-1:

8412296d2832d41331ae581c1e300d0812251002

SHA-256:

09f326ae405ef7032ea16554ede735e0f7ab29354d452a0341f4ef32b9aa53e7

Scanner detections:

4 / 68

Status:

Potentially unwanted

Analysis date:

11/4/2024 5:07:47 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3309

Baidu Antivirus

Adware.Win32.EasySpeedCheck

4.0.3.141026

ESET NOD32

Win32/AdWare.EasySpeedCheck (variant)

8.10620

Reason Heuristics

PUP.Optional.ProbitSoftware.O

14.10.26.14

File size:

190.9 KB (195,472 bytes)

Product version:

1.1.3.0

Probit Software LTD

Original file name:

EasySpeedCheck.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\easy speed check\easyspeedcheck.exe

Digital Signature

Signed by:

Probit Software LTD

Authority:

VeriSign, Inc.

Valid from:

11/24/2013 7:00:00 PM

Valid to:

12/25/2014 6:59:59 PM

Subject:

CN=Probit Software LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Probit Software LTD, L=Herzeliya, S=Sharon, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

460413EF8AF84168B22DD4F3E151AEA3

File PE Metadata

Compilation timestamp:

10/23/2014 8:27:25 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.23

CTPH (ssdeep):

3072:eh+kZbvfmVXXibj1nuJTxYFY63w8eGJBQ9xwe1XU9PSa/pOrckKLt:ehHZjmVXXCjpuJTqw8eGfQXwe1XU9PS6

Entry address:

0x1590

Entry point:

83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, A8, 23, 41, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, D8, 23, 41, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, C8, 23, 41, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, D0, 40, 00, E8, 36, 97, 00, 00, BA, 48, 93, 40, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, D0, 40, 00, 89, 04, 24, E8, 22, 97, 00, 00, 83, EC, 08, 89, C2, 85, D2, 74, 11, C7, 44, 24, 04, 08, 10, 41, 00, C7... 
[+]

Entropy:

5.6655

Code size:

42 KB (43,008 bytes)

The file EasySpeedCheck.exe has been discovered within the following program.

Easy Speed Check by Probit Software LTD

The software displays popup advertisements on the user's PC out of context of the browser or the software.

83% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ec2-54-86-42-253.compute-1.amazonaws.com (54.86.42.253:80)

TCP (HTTP):

Connects to ec2-54-197-233-35.compute-1.amazonaws.com (54.197.233.35:80)

TCP (HTTP):

Connects to ec2-23-23-159-58.compute-1.amazonaws.com (23.23.159.58:80)

TCP (HTTP):

Connects to ec2-184-73-157-23.compute-1.amazonaws.com (184.73.157.23:80)

Remove EasySpeedCheck.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.