» links protegidos (mega)_10924_i67691648_il345.exe
Overview
Analysis
File Details

links protegidos (mega)_10924_i67691648_il345.exe

Google Chrome Portable

LLC BUDІMEKS

The application links protegidos (mega)_10924_i67691648_il345.exe by LLC BUDІMEKS has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.

File name:

Publisher:

PortableApps.com (signed by LLC BUDІMEKS)

Product:

Google Chrome Portable

Version:

43.0.2357.134

MD5:

05b3e6b74416a01f6d3dde35aae7da61

SHA-1:

b6f03d94e84257418e288d72ad7b61af7ca0b9a7

SHA-256:

638135a40feba0cb22ee129e022e261ea1d7a069eed019df05c0db3d121d0951

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/6/2024 7:56:07 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Amonetize.Bundler (M)

17.2.28.9

File size:

1.9 MB (2,008,080 bytes)

Product version:

43.0.2357.134

2007-2015 PortableApps.com, PortableApps.com Installer 3.0.19.0

Trademarks:

PortableApps.com is a registered trademark of Rare Ideas, LLC.

Original file name:

GoogleChromePortable_43.0.2357.134_online.paf.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\panda security\panda security protection\perdidos\links protegidos (mega)_10924_i67691648_il345.exe

Digital Signature

Signed by:

LLC BUDІMEKS

Authority:

COMODO CA Limited

Valid from:

8/26/2015 7:00:00 PM

Valid to:

8/26/2016 6:59:59 PM

Subject:

CN=LLC BUDІMEKS, O=LLC BUDІMEKS, STREET=Cvitna 34, L=Gorodockey area Galichani vilage, S=Lvovskaja, PostalCode=81523, C=UA

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E9F1B23ADDECC133378F48EBB20F9E3D

File PE Metadata

Compilation timestamp:

10/5/2015 2:52:44 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x25770D

Entry point:

68, B4, 7C, 9B, EF, E8, 0E, F8, FE, FF, 22, 78, A6, 7C, F4, AA, 68, 6A, 51, C9, C7, 63, 90, D5, 05, 7E, 55, 7A, 24, 94, 86, DF, 93, C6, A4, DA, FD, 9F, 74, 28, 9F, 89, AA, 08, A2, 2D, 0C, 41, 3B, CB, 10, BA, 80, 6D, BB, D5, 23, 97, 33, 97, 78, 1B, 73, BE, 08, 1F, F7, AA, 64, F3, 71, 37, 6F, 4F, 49, B0, 3D, 3E, 5D, D7, 7E, E1, 0F, 28, A9, AC, 02, 60, 15, 6D, 06, 11, 7B, 7C, F2, 93, 04, 9A, B7, 61, 8D, 28, 87, 64, 82, 0A, 80, 0B, 71, A6, F9, 44, 27, B2, 1A, 3D, 05, 2E, 3B, AA, 77, 65, FA, BE, 18, D3, 7C, 61... 
[+]

Entropy:

7.9835 (probably packed)

Code size:

1.8 MB (1,901,568 bytes)

Remove links protegidos (mega)_10924_i67691648_il345.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.