eros.ramazzotti.+.perfect_10924_i69760209_il345.exe

Google Chrome Portable

LLC BUDІMEKS

The application eros.ramazzotti.+.perfect_10924_i69760209_il345.exe by LLC BUDІMEKS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
PortableApps.com  (signed by LLC BUDІMEKS)

Product:
Google Chrome Portable

Version:
43.0.2357.134

MD5:
d47daeaaa91bae5da49fd5186c3d7a36

SHA-1:
4773b46277425290a815814f6b9fde6d453d7b81

SHA-256:
a39364b020caec8c3c2795e2887538a4da7035b3ab0d26f8f28b196c232e0ee7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 7:35:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.Bundler (M)

Engine version:
17.2.23.1

File size:
1.4 MB (1,457,168 bytes)

Product version:
43.0.2357.134

Copyright:
2007-2015 PortableApps.com, PortableApps.com Installer 3.0.19.0

Trademarks:
PortableApps.com is a registered trademark of Rare Ideas, LLC.

Original file name:
GoogleChromePortable_43.0.2357.134_online.paf.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\eros.ramazzotti.+.perfect_10924_i69760209_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/27/2015 2:00:00 AM

Valid to:
8/27/2016 1:59:59 AM

Subject:
CN=LLC BUDІMEKS, O=LLC BUDІMEKS, STREET=Cvitna 34, L=Gorodockey area Galichani vilage, S=Lvovskaja, PostalCode=81523, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E9F1B23ADDECC133378F48EBB20F9E3D

File PE Metadata
Compilation timestamp:
10/11/2015 6:52:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2EB206

Entry point:
68, 01, 12, 33, 21, E8, 61, 7B, ED, FF, 90, D5, 2A, FF, 4E, 14, 8B, D5, 00, B4, C0, 22, E8, 8E, C3, E1, CA, 4D, 57, 2B, D6, 5F, 35, EB, 28, 00, 00, 00, 47, 65, 74, 4D, 6F, 64, 75, 6C, 65, 48, 61, 6E, 64, 6C, 65, 41, 00, 87, CB, 3C, D9, 5F, 05, 89, DB, 03, AD, CD, 47, A8, C5, C6, 20, BF, D5, 55, 39, DF, FD, 32, 9D, C6, 20, 85, 37, 47, 39, DF, 33, 42, 31, 39, DF, 5C, 72, 4C, 39, 5F, 22, 22, 30, 39, DF, 6F, 79, 9C, C6, 20, 31, 83, F9, C6, 20, 74, 83, 3D, 39, DF, D3, 7A, 31, CF, 98, 45, 56, 5F, 54, 32, C4, A9...
 
Packer / compiler:
ASProtect v1.2

Code size:
1.3 MB (1,350,656 bytes)