» import_root_cert.exe
Overview
Analysis
File Details

import_root_cert.exe

LLC

The application import_root_cert.exe by LLC has been detected as adware by 10 anti-malware scanners.

File name:

Publisher:

LLC (signed and verified)

MD5:

f0e161883eaa4820cffa6dbe2c861c9d

SHA-1:

58de1eaec65d9bf2d2693bc600bc71d3a16fb31e

SHA-256:

0a86df9567775bb2a2b9e4d859d3d9fbf4a61cf06815cb13f35c9c9f7e003fbe

Scanner detections:

10 / 68

Status:

Adware

Analysis date:

11/15/2024 3:42:38 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Mabezat [Wrm]

160518-2

AVG

Win32/Mabezat

2015.0.4591

Dr.Web

Trojan.Zadved.409

9.0.1.05190

Emsisoft Anti-Malware

Win32.Worm.Mabezat.Gen

11.5.0.6191

ESET NOD32

Win32/Mabezat.A virus

8.0.319.0

F-Prot

W32/Mabezat.A-2

4.6.5.141

McAfee

Virus.W32/Mabezat.a

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.223.654.0

Norman

Win32.Worm.Mabezat.Gen

28.05.2016 13:03:37

Reason Heuristics

PUP.Amonitize

16.6.4.4

File size:

256.1 KB (262,255 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\contentprotector\import_root_cert.exe

Digital Signature

Signed by:

LLC

Authority:

COMODO CA Limited

Valid from:

2/14/2016 12:00:00 AM

Valid to:

2/13/2017 11:59:59 PM

Subject:

CN="LLC ""TIMARKO IT""", OU=IT, O="LLC ""TIMARKO IT""", STREET="Vulytsya Lenina, Budynok 33, Korpus A, Ofis", L=Berezanka, S=Mykolayivska, PostalCode=57400, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00AAE91A6E10A17EB04E7058AC5F3C8447

File PE Metadata

Compilation timestamp:

8/3/2012 1:25:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:Z6UV8EAaRUT6bMSOuG3d+tqaIhdnUW9DMa4m8BjuHWiMEmQVnDhq6N4n7gswK3jP:gM6T6bM1p32WGm8WeEmqDDN4n7gsV3jP

Entry address:

0x54EA

Entry point:

BB, F1, AF, D1, 4B, 93, E9, 20, 01, 00, 00, F9, 9F, 02, FE, AA, 2E, 02, FE, 82, 07, 83, 82, 82, 02, 82, 82, 5F, 82, 82, 82, E1, B3, B8, B3, B2, B3, BB, B9, B8, 82, 82, 82, F6, E3, FC, E7, E4, E3, EF, E3, B0, E6, EE, EE, 82, 82, 82, 82, DE, 82, 82, 82, C8, F4, E7, E7, CE, EB, E4, F4, E3, F4, FB, 82, C5, F4, E7, E3, F6, E7, C6, EB, F4, E7, E5, F6, F1, F4, FB, C3, 82, 82, 82, 82, C9, E7, F6, D9, EB, F0, E6, F1, F9, F5, C6, EB, F4, E7, E5, F6, F1, F4, FB, C3, 82, 82, 82, 82, C9, E7, F6, CF, F1, E6, F7, EE, E7... 
[+]

Code size:

60 KB (61,440 bytes)

Remove import_root_cert.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.