» etranslator.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (2)

etranslator.exe

Mayris Corporation

The application etranslator.exe by Mayris has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘eTranslator Update’. The file has been seen being downloaded from systemales.com and multiple other hosts.

File name:

etranslator.exe

Publisher:

Mayris Corporation (signed and verified)

Version:

1.0.0.0

MD5:

6d0481f46d416ca7d7029da03b5a05ec

SHA-1:

80e9cb903552be19101cff2310b5990613cd860a

SHA-256:

8f786e54a20ac17ab528bc5a3c974c2c4d6f56e92ce8e05e346d06246291cb4a

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 9:26:52 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.Zadved.1

9.0.1.0305

McAfee

Artemis!6D0481F46D41

5600.6960

Reason Heuristics

PUP.Optional.Startup.L

14.11.20.9

Sophos

DLHelper

4.98

VIPRE Antivirus

Mayris

34422

File size:

3.2 MB (3,354,176 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\etranslator\etranslator.exe

Digital Signature

Signed by:

Mayris Corporation

Authority:

COMODO CA Limited

Valid from:

12/6/2013 3:00:00 AM

Valid to:

12/7/2014 2:59:59 AM

Subject:

CN=Mayris Corporation, OU=Development Department, O=Mayris Corporation, STREET="50th Street , Global Plaza Tower", STREET="16th Floor, Suite H", L=Panama City, S=Outside United States, PostalCode=0834, C=PA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

64877F8F62583B45754C6201ED08A920

File PE Metadata

Compilation timestamp:

10/31/2014 6:22:23 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:ZM4evgDnI3mSSsZ423APyxqJDx+pfRT0T4Sn68/8U+XGzOWaWf+Q:ZXev0230YkxZ4Sn68x+WzOWld

Entry address:

0x21EF1C

Entry point:

55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, F4, 31, 61, 00, E8, 7B, DA, DE, FF, 33, C0, 55, 68, 93, EF, 61, 00, 64, FF, 30, 64, 89, 20, E8, C4, 5A, DE, FF, 85, C0, 75, 30, E8, 0F, 7B, FC, FF, 84, C0, 75, 20, 8D, 55, EC, 33, C0, E8, 0D, 5B, DE, FF, 8B, 45, EC, 33, D2, E8, 97, 7B, FC, FF, A1, E0, 97, 62, 00, 8B, 00, E8, 6F, 5E, F0, FF, E8, 3A, 42, FF, FF, EB, 05, E8, EB, 21, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 9A, EF, 61, 00, 8D, 45, EC, E8, 62, 95, DE, FF, C3, E9, EC, 8A, DE, FF, EB, F0, E8, 85... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2.1 MB (2,216,960 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

eTranslator Update

Command:

"C:\users\{user}\appdata\roaming\etranslator\etranslator.exe" -checkforupdates

The file etranslator.exe has been seen being distributed by the following 2 URLs.

http://systemales.com/.../734f7b05464cbf94aed8c51635b99426.exe

http://systemand.com/.../67580fbff41e18b237c49cae99f5c2ca.exe

Remove etranslator.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.