HijackThis.exe

HijackThis

Trend Micro Inc.

This is installed with multiple programs including HiJackThis. The file has been seen being downloaded from hijackthis.it.softonic.com and multiple other hosts.
Publisher:
Trend Micro Inc.

Product:
HijackThis

Version:
2.00.0004

MD5:
9a2347903d6edb84c10f288bc0578c1c

SHA-1:
ae96a47e781ed600704b0b040f6b5c8a92ac5e51

SHA-256:
5dca5dad7a63810dacee7f38c098a7b2d68617bf8175f05147e44d19dfa57a04

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 12:29:35 AM UTC  (today)

File size:
379.5 KB (388,608 bytes)

Product version:
2.00.0004

Copyright:
(c) 2007 Trend Micro Inc

Trademarks:
©

Original file name:
HijackThis.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hijackthis.exe

File PE Metadata
Compilation timestamp:
4/12/2010 7:50:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:XHgNL/htwPszyJNUFIuBgjV3b/ItgODuoPh4X464yv2jyE808x2LmLbwsuScGGS5:eVt8BURgxr/V+phmdE808YKXF

Entry address:
0x141850

Entry point:
60, BE, 00, E0, 4F, 00, 8D, BE, 00, 30, F0, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.3644

Packer / compiler:
UPX 2.90LZMA]

Code size:
272 KB (278,528 bytes)

The file HijackThis.exe has been discovered within the following programs.

360Amigo is registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search based advertising and results. During installation the user is presented in some cases with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
HiJackThis  by Trend Micro Inc.
HijackThis is an open source enumerating tool for Microsoft Windows originally created by Merijn Bellekom, and later sold to Trend Micro. The program is notable for targeting browser-hijacking methods, rather than relying on a database of known spyware.
www.trendmicro.com
19% remove it
Recuva  by Piriform
Recuva is a data recovery program and is able to recover files that have been "permanently" deleted and marked by the operating system as free space.
www.piriform.com/recuva
8% remove it
ResTech Configuration Utility  by Baylor ResTech
About 1% of users remove it
Publisher's description - “With Trend Micro Titanium, your digital life is protected. Titanium provides powerful, easy-to-use, and efficient Internet security, so you can connect safely and with confidence.”
11% remove it
TrueCrypt  by TrueCrypt Foundation
Free open-source disk encryption software for Windows. Creates a virtual encrypted disk within a file and mounts it as a real disk. Encrypts an entire partition or storage device such as USB flash drive or hard drive.
www.truecrypt.org
10% remove it
 
Powered by Should I Remove It?

The file HijackThis.exe has been seen being distributed by the following 50 URLs.

http://hijackthis.it.softonic.com/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAN5WtHDaXqP1bZH5gYbEjmybr/7MAzEC34gu mSqdoG/IwZRmxiq0/KRB6an1ZTs0bgJnmVsn mN3kTsvXmY0zOgqEUoVrJs2pDi r9iB7pSG7bb9ac6gHk5elWlr5cppZ/uWmYhItKDzc10nEBb1HoyH6gr11QaTMh1MfOt9uepMZwYMp8ARIeVpuNt00Ln8nSBsPf/8QzfVZiAbFAqVLbvHQRa 3sr8PkORyWV7q9C1/ZOqHIntggDV/IV6tVWZnsOpt J0fuhR L/x3Hcd B/ZYJxncqkBkBQpLH8LaAjeJrAPnWF6Ili akOMF7mInQtaLA8hS4tmiL7NK7PLACBm8eQYCihaJ6SpF/0a63WrnQBuY6UnU5 Sne H4pOPZVc1/ISYDUbmepfW5MGe71gJPmXM1hWPejDvbeoSdPWrdKy5J0vLxN5sU5bhByJ3ylPbVxEWaifY6E1P OL/T9wbbCAj7gmp2mCJS6Zfyd bvGn8HLIYx2a/lmnq85PBtGUU5M7nvTYOzY85h6mM6MpYE4WVia29Mzlmuhy3z7c C8FYJNz6PvlJ/.../t9M1VWofjqTiFkfO XSz6m7r

https://hijackthis.softonic.com.br/download-tracker?th=1/6CH9aeXedl4L8u BHNJXWTW LP1LFlnGQpxqjlxAP7F/eGrpctXdF6XTnr1dg/W1BnrE0lqiSoIUV0YTCBPe8EpSN2qdl7V5aR4tj9hfoiMLK4FBfe4pcYK0qbKhH 67f/.../vFwBENL5nyS8EyCMz5HBg4KiGAAY=

http://gsf-cf.softonic.com/ae9/6a4/.../file?SD_used=0&channel=WEB&fdh=no&id_file=34177&instance=softonic_it&type=PROGRAM&Expires=1470618697&Signature=bFklfnUdJ-lwGOZJOsFu2~e1kp6feGBoRQ6K~A1AJYWXMhhBOyrCQcHic9~XtJT3-bsJpYU48~4lLbJjzNVeOOgdMVuh08~coHjY~cblDZHmIaPCYcSc8spxIjqR~Zr9XT~2A9ul0v4ze1-4NeiqjJn13pKHKCRWPlEAMk55Bmk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HiJackThis.exe

http://download.bleepingcomputer.com/dl/d3e61da25d442357e44339493b95a686/53a9c80c/windows/security/security-utilities/h/.../HijackThis.exe

http://gsf-cf.softonic.com/ae9/6a4/.../file?SD_used=0&channel=WEB&fdh=no&id_file=34177&instance=softonic_it&type=PROGRAM&Expires=1424915184&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=BYTz~5jm3UO4DWOR4xwsKQVD0LiLRlZ67SWZ33XTLAWeZj9~AW8oMuMXAm9l5XfaJk0NNalweN5do4HrYZJZmpsMLxBRJSyGslQMYtO2wjOsltdZZrfisyg4lD3MlTDdJLQSd22UdXIOehxTf6s1d~O3ofUCxDjYqDPeSWGOEb4_&filename=HiJackThis.exe

http://download.bleepingcomputer.com/dl/554eb186d99dac16f342229175160f51/544d8b3f/windows/security/security-utilities/h/.../HijackThis.exe

http://gsf-cf.softonic.com/ae9/6a4/.../file?SD_used=0&channel=WEB&fdh=no&id_file=34177&instance=softonic_br&type=PROGRAM&Expires=1443951002&Signature=ACxVINtKDc2yVAc2TcQPE-LlOYpXvip61qRy6te7Kgj7y9Y2VtZU7ZrYuXuWdkspvvBWmMlW9Q2o1y8yGPxJ~gSdmbZzOZGMgDw4M3rUD1Fme2PhLOlYSAjNtkJfm-qvzRyTfFni51M247ib9b998nsTIDKBk9nSCP-PB8697tk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HiJackThis.exe

http://gsf-cf.softonic.com/ae9/6a4/.../file?SD_used=0&channel=WEB&fdh=no&id_file=34177&instance=softonic_br&type=PROGRAM&Expires=1442644076&Signature=RUkYYFARuvo5H~4JpxYqpSkEGXJoW9ojQEwgMBAreZoMkwv~qPwfCFPAqGT4MKgR8ePPIl586Zx7LUsHsV0OSytoVeT8bmfdvvY5hZPrfECSc9mVesEjK2bKB2MSB3-4pHNvJ9MatNkOk~GZppBLAiKKxN4paJ1Xk5IJdXdX2kQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HiJackThis.exe

http://gsf-cf.softonic.com/ae9/6a4/.../file?SD_used=0&channel=WEB&fdh=no&id_file=34177&instance=softonic_it&type=PROGRAM&Expires=1462951356&Signature=dWw-AROY6kLiBDg5Zq9A0nsWHvEZjGw0KxijoGvncuVBC7g9OIVwGvd-G9EwVNRGE9vNCka~njlrwXyWUJVVaFJUvOtTOvNBdWg8Tq8l97r2MntP830gW7MrQvi6gVJSO~nMzg7QelvL9hJyixyPbURhgvMo39093qc7Hmrv9ZA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HiJackThis.exe

http://gsf-cf.softonic.com/ae9/6a4/.../file?SD_used=0&channel=WEB&fdh=no&id_file=34177&instance=softonic_br&type=PROGRAM&Expires=1474944443&Signature=Q9~sQ64GFKYiGIBrW9jU5VFCTGznA~YaOhY5wTJV4lZEtwWnJque7Colx3P~9l4FuOrjs~momqMwS5eDXowr65mKqMK4AM9RWUcjy0C1JTfmA0Et2sfydPIfprwSqwDqog~gZF6NvabCPuEVWkeCIFXW2kqlfQ2KDwEYZxxU3yE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=HiJackThis.exe

http://192.168.0.3/.../14. HijackThis.exe

http://i.download.idg.pl/fannef/415fdc13b96b11ae3e91de8a6d39051e/581f7e31//vol2/w95/inetutils/.../HijackThis_2.0.4.exe

http://www.geekstogo.com/forum/files/go/.../trend-micro-hijack-this

http://download.bleepingcomputer.com/dl/8f3b5e90492b97bbb5605cd64794afad/541c8636/windows/security/security-utilities/h/.../HijackThis.exe

http://sb/.../14. HijackThis.exe

http://www.geekstogo.com/forum/files/go/.../trend-micro-hijack-this

Latest 30 of 112 download URLs

Scan HijackThis.exe - Powered by Reason Core Security