etranslator.exe

Mayris Corporation

The application etranslator.exe by Mayris has been detected as a potentially unwanted program by 5 anti-malware scanners. It is a setup program used to install the application. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name 'eTranslator Update'. The file has been seen being downloaded from systemales.com and multiple other hosts.
Publisher:
Mayris Corporation (signed and verified)

Version:
1.0.0.0

MD5:
6d0481f46d416ca7d7029da03b5a05ec

SHA-1:
80e9cb903552be19101cff2310b5990613cd860a

SHA-256:
8f786e54a20ac17ab528bc5a3c974c2c4d6f56e92ce8e05e346d06246291cb4a

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 4:38:48 AM UTC

Scan engine        Detection                Engine version
Dr.Web             Trojan.Zadved.1          9.0.1.0305
McAfee             Artemis!6D0481F46D41     5600.6960
Reason Heuristics  PUP.Optional.Startup.L   14.11.20.9
Sophos             DLHelper                 4.98
VIPRE Antivirus    Mayris                   34422

File size:
3.2 MB (3,354,176 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\etranslator\etranslator.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/6/2013 3:00:00 AM

Valid to:
12/7/2014 2:59:59 AM

Subject:
CN=Mayris Corporation, OU=Development Department, O=Mayris Corporation, STREET="50th Street , Global Plaza Tower", STREET="16th Floor, Suite H", L=Panama City, S=Outside United States, PostalCode=0834, C=PA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
64877F8F62583B45754C6201ED08A920

File PE Metadata
Compilation timestamp:
10/31/2014 6:22:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:ZM4evgDnI3mSSsZ423APyxqJDx+pfRT0T4Sn68/8U+XGzOWaWf+Q:ZXev0230YkxZ4Sn68x+WzOWld

Entry address:
0x21EF1C

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, EC, B8, F4, 31, 61, 00, E8, 7B, DA, DE, FF, 33, C0, 55, 68, 93, EF, 61, 00, 64, FF, 30, 64, 89, 20, E8, C4, 5A, DE, FF, 85, C0, 75, 30, E8, 0F, 7B, FC, FF, 84, C0, 75, 20, 8D, 55, EC, 33, C0, E8, 0D, 5B, DE, FF, 8B, 45, EC, 33, D2, E8, 97, 7B, FC, FF, A1, E0, 97, 62, 00, 8B, 00, E8, 6F, 5E, F0, FF, E8, 3A, 42, FF, FF, EB, 05, E8, EB, 21, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 9A, EF, 61, 00, 8D, 45, EC, E8, 62, 95, DE, FF, C3, E9, EC, 8A, DE, FF, EB, F0, E8, 85...

Developed / compiled with:
Microsoft Visual C++

Code size:
2.1 MB (2,216,960 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
eTranslator Update

Command:
"C:\users\{user}\appdata\roaming\etranslator\etranslator.exe" -checkforupdates


The file etranslator.exe has been seen being distributed by the following 2 URLs.

http://systemales.com/.../734f7b05464cbf94aed8c51635b99426.exe
