etranslator.exe

This is a setup program used to install the application. It is configured to start automatically when a user logs in to Windows, via the current-user Run registry key, under the display name ‘eTranslator Update’. The file has been seen being downloaded from systemmes.com and multiple other hosts.
Version:
1.0.0.0

MD5:
37db8d470aa4e8e13737e7d8e56a1cd9

SHA-1:
38d1b7e59ac4c2a18f7a75fd873cc2e4e1df18e2

SHA-256:
3efc4f6f6e0f39face800563aa57c140f0de8ca0ca4ccca657f11177038dfcb7

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 4:47:18 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | W32.Sality | 2.1.4+
Dr.Web | Trojan.Zadved.1 | 9.0.1.0311
Trend Micro House Call | Suspicious_GEN.F47V1106 | 7.2.311

File size:
3.4 MB (3,548,163 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\etranslator\etranslator.exe

File PE Metadata
Compilation timestamp:
10/2/2014 7:17:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:VeUE0dPXc3mSMMJ3U3++V5u1opuOT4SQSToMZAVYP3VDTOGaWf+8:V5E0oU3rLLQSoMS2P3lTOGll

Entry address:
0x21DF1C

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, A0, 2D, 61, 00, E8, 7B, EA, DE, FF, 33, C0, 55, 68, 93, DF, 61, 00, 64, FF, 30, 64, 89, 20, E8, C4, 6A, DE, FF, 85, C0, 75, 30, E8, FB, 88, FC, FF, 84, C0, 75, 20, 8D, 55, EC, 33, C0, E8, 0D, 6B, DE, FF, 8B, 45, EC, 33, D2, E8, 83, 89, FC, FF, A1, A4, 87, 62, 00, 8B, 00, E8, 6F, 6E, F0, FF, E8, E6, 4D, FF, FF, EB, 05, E8, 8B, 2E, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 9A, DF, 61, 00, 8D, 45, EC, E8, 62, A5, DE, FF, C3, E9, EC, 9A, DE, FF, EB, F0, E8, 85...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.1 MB (2,215,424 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
eTranslator Update

Command:
"C:\users\{user}\appdata\roaming\etranslator\etranslator.exe" -checkforupdates


The file etranslator.exe has been discovered within the following program.

etranslator  by etranslator
19% remove it
 

The file etranslator.exe has been seen being distributed by the following 2 URLs.
