EventView.exe

Event Viewer

ADVANCED TECH SUPPORTCO, LLC.

The application EventView.exe (“This installer database contains the logic and data required to install Event Viewer.”) by ADVANCED TECH SUPPORTCO has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
ATS (signed by ADVANCED TECH SUPPORTCO, LLC.)

Product:
Event Viewer

Description:
This installer database contains the logic and data required to install Event Viewer.

Version:
1.0.1

MD5:
56250e50c5e3baca6ac37e16f368a254

SHA-1:
d1a0b0e8d54adac205435fc2b592a145681b595d

SHA-256:
6cd07526cf5f3ed6c8f9755df01062bc3c75e7ba4aa96f4c9bb4038d364c18a8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 6:46:27 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.ADVANCEDTECHSUPPORTCO.Installer

Engine version:
15.8.5.14

File size:
1.8 MB (1,890,328 bytes)

Product version:
1.0.1

Copyright:
Copyright (C) ATS

Original file name:
EventView.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\eventview.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
7/16/2013 8:00:00 PM

Valid to:
7/23/2014 8:00:00 AM

Subject:
CN="ADVANCED TECH SUPPORTCO, LLC.", O="ADVANCED TECH SUPPORTCO, LLC.", L=Boca Raton, S=Florida, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
05E39D9CD08EB042B71B6C0F2B6E3DF2

File PE Metadata
Compilation timestamp:
9/2/2013 10:22:19 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:I45qPUmlsuzMuyde/GssrvcvuAR8ijjzo5xfNk:v5qPUmlsuIuywOssrvcvk5k

Entry address:
0xB4B79

Entry point:
E8, D8, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 56, FF, 75, 0C, 8D, 4D, E8, E8, 33, EB, FF, FF, 8B, 5D, 08, BE, 00, 01, 00, 00, 3B, DE, 73, 54, 8B, 4D, E8, 83, B9, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, E8, 50, 6A, 01, 53, E8, 54, 7F, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, C8, 00, 00, 00, 0F, B7, 04, 58, 83, E0, 01, 85, C0, 74, 0F, 8B, 81, CC, 00, 00, 00, 0F, B6, 04, 18, E9, A3, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C3, E9, 9C, 00, 00, 00, 8B...
 

Entropy:
6.8710

Code size:
930.5 KB (952,832 bytes)
