hkshcedvsu.exe

Share This

Data Protection Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The application hkshcedvsu.exe by Data Protection Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Data Protection Solutions  (signed and verified)

Product:
Share This

Description:
ShareThis

Version:
1.0.0.0

MD5:
793fedf821d4c97757e6d439c3c46b9d

SHA-1:
8e6eba9e7402766f6b42ffc0807e00dbda53cacc

SHA-256:
7df9b1a47473977f24ecdaf7f560c21a6c54609765a2eb0b296163ffb1252677

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 12:29:38 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.12.6.10

File size:
48.9 KB (50,032 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Data Protection Solutions 2014

Original file name:
ShareThis.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\mcseyvqratj\dat\hkshcedvsu.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/9/2014 6:00:00 PM

Valid to:
3/10/2015 5:59:59 PM

Subject:
CN=Data Protection Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Data Protection Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6FA5269C2FC95B961427D4FD1474CDC5

File PE Metadata
Compilation timestamp:
9/18/2014 1:04:04 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:hy7OJCEU9CiVHD+MweW7xesxEgaoi0o6/1MkU3gshMdnda1:VCEgCp2yaPopo6/WT/Wna

Entry address:
0xBF8E

Entry point:
48, A1, 00, 20, 00, 40, 00, 00, 00, 00, FF, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.6453

Code size:
40 KB (40,960 bytes)

Remove hkshcedvsu.exe - Powered by Reason Core Security