herdprotectscan_setup.exe

herdProtect Anti-Malware Scanner

Reason Company Software Inc.

Warning, this is an illegal version of herdProtect (repackaged and distributed without Reason Software Company's permission) by a company that bundles adware. Please make sure that you uninstall this version and download a legitimate copy from our site.
The executable herdprotectscan_setup.exe has been detected as malware by 5 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source.
Publisher:
Reason Company Software Inc.

Product:
herdProtect Anti-Malware Scanner

Version:
1.0.3.9

MD5:
33100b60299a3857368d9198f650ebf2

SHA-1:
ed9dd9137fba4493ffa4859fc911b4c6ea3689f9

SHA-256:
743a516d4903c362ab6d0b600f367f103698b18b18681257dff25c580a254eba

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/2/2024 5:30:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:SaliCode | 160518-2 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.2667.0 |
| Norman | Win32.Sality.3 | 28.05.2016 15:32:18 |

File size:
2.8 MB (2,946,840 bytes)

Product version:
1.0.3.9

Copyright:
Copyright Reason Company Software Inc.

Trademarks:
herdProtect is a Trademark of Reason Company Software Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\herdprotectscan_setup.exe

File PE Metadata
Compilation timestamp:
5/20/2013 2:52:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:t5kLxrTwwfRGos57i3hg9KUhEBfrvafngImVq9O4VdU16jfU4r9:0XGojafgfcDzUy9

Entry address:
0x30DC

Entry point:
69, D9, 93, 2C, 81, 34, F3, 0F, AF, F6, 3B, F7, 1C, FB, 69, C7, 4B, 78, 18, EB, F7, C7, 52, 13, 4B, D3, 81, C5, E9, BD, 00, 00, 81, D1, EE, 8E, DC, 99, 81, ED, A2, 07, 00, 00, 0D, 29, 92, E4, 5B, FE, C6, 29, D6, 56, 68, 13, 5E, 74, 00, 69, CB, 81, D5, CF, 14, 0C, 55, 85, F8, 78, 02, 8A, F6, E8, 45, 00, 00, 00, 73, 05, F3, B5, D0, 10, DD, 48, 8D, 1D, 8F, 02, E5, AA, 8A, F9, FF, C6, 87, ED, F7, C6, 57, DA, BE, 86, B7, 32, 8D, 05, AB, 2F, 00, 00, 4D, 8A, E8, 8D, 0D, B7, D8, 6A, E6, 05, C9, 01, 00, 00, 85, FB...

Entropy:
7.9409  (probably packed)

Code size:
23 KB (23,552 bytes)

The file herdprotectscan_setup.exe has been seen being distributed by the following URL.
