Info.exe

Info

Europe Capital Ltd

The application Info.exe by Europe Capital has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘regist’. While running, it connects to the Internet address radon.mysecuritycenter.com on port 80 using the HTTP protocol.
Publisher:
MySecurityCenter  (signed by Europe Capital Ltd)

Product:
Info

Version:
3.0.0.2

MD5:
206aa1a66cad36ad71060d3e93a58714

SHA-1:
3743abd8306a1a19e27717aaeeb73b5b9556a665

SHA-256:
1ec50c1e661d5ca10946993010de75696addfd5e6e898e11542b7569fdfa98b1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:11:41 AM UTC

Scan engine          Detection              Engine version
Reason Heuristics    PUP.Optional.Startup   15.6.7.12

File size:
380.6 KB (389,736 bytes)

Product version:
3.0.0.2

Copyright:
(c) MySecurityCenter. All rights reserved.

Original file name:
Info.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mysecuritycenter\programs\info.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/6/2006 1:00:00 AM

Valid to:
11/3/2007 12:59:59 AM

Subject:
CN=Europe Capital Ltd, O=Europe Capital Ltd, L=London, S=London, C=UK

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
7DA634581E16234C29CBD9697704B49A

File PE Metadata
Compilation timestamp:
7/6/2007 3:20:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:VZxnO8jI43ECsDzcEbbjE9Oo1txmNWJkzbgNGvCVI7cCCNso:J7ECsDVfEYo1CNWuzcNGvCq7cCU

Entry address:
0x2A6AC

Entry point:
E8, CA, 53, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, 00, 58, 45, 00, 75, 02, F3, C3, E9, 4A, 54, 00, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, B3, 15, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 81, 0A, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 8E, 15, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 09, 55, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00...

Code size:
260 KB (266,240 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
regist

Command:
C:\Program Files\mysecuritycenter\programs\info.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to radon.mysecuritycenter.com  (5.9.49.73:80)

TCP (HTTP):
Connects to cache.google.com  (91.245.214.159:80)
