inverter-3003-c.exe

User's Guide

TLAPIA

The application inverter-3003-c.exe, “This installer database contains the logic and data required to install User's Guide.” by TLAPIA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from www.manuels-et-notices.net.
Publisher:
TLAPIA  (signed and verified)

Product:
User's Guide

Description:
This installer database contains the logic and data required to install User's Guide.

Version:
1.0.0

MD5:
5cb332eb416101b34a8dc2ce29df0c46

SHA-1:
c95b4cbf66fcac22811a5beadd3f60d4bd8f4350

SHA-256:
ab59ca297a4c4a14e8e41c67c15650d896a8e36d8578253f9c2fdd63e59b0e94

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 5:09:32 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TLAPIA.Installer (M)
16.3.7.12

File size:
4.2 MB (4,454,752 bytes)

Product version:
1.0.0

Copyright:
Copyright (C) Tlapia

Original file name:
Usersguide.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/22/2013 1:00:00 AM

Valid to:
1/23/2014 12:59:59 AM

Subject:
CN=TLAPIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TLAPIA, L=Montevideo, S=montevideo, C=UY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
59F70BE7091286E5251B02778D136FF2

File PE Metadata
Compilation timestamp:
3/21/2013 8:58:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:FPGnIyePz6VjGPj+D0z+ESPPm5MJjkUzDM8XPZY5APDSwE1OMJjkUzDMKdDSV33+:EyPz6ywFZeEM8XPyVXeEMcDSVlA

Entry address:
0xB07F9

Entry point:
E8, AB, C9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 01, 48, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, CB, EB, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, DD, 47, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A7, EB, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, AE, 47, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...
 
[+]

Code size:
912.5 KB (934,400 bytes)

Scheduled Task
Task name:
{44232F44-B46F-4A19-8759-57F327163296}

Trigger:
Registration (Runs on registration)


The file inverter-3003-c.exe has been seen being distributed by the following URL.

Remove inverter-3003-c.exe - Powered by Reason Core Security