loaderwindows7__7934_il3702.exe

Char Technologies Solution

Develop Invest GROUP, TOV

The application loaderwindows7__7934_il3702.exe, “Char Technologies Demo” by Develop Invest GROUP, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Char Technologies  (signed by Develop Invest GROUP, TOV)

Product:
Char Technologies Solution

Description:
Char Technologies Demo

Version:
17.88.254.666

MD5:
7592422d186c6f0c4bdd4998c093b9ee

SHA-1:
28af5c445644e76cf6a733cabc8a60bf154f5846

SHA-256:
199598286852c580599a44cb969ac91a682383e3cd801954cca24ab8e4c197d7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 6:49:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonetize (M)
16.10.30.1

File size:
891.2 KB (912,608 bytes)

Product version:
17.88.254.666

Original file name:
char.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\loaderwindows7__7934_il3702.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/17/2016 1:00:00 AM

Valid to:
4/18/2017 12:59:59 AM

Subject:
CN="Develop Invest GROUP, TOV", OU=IT, O="Develop Invest GROUP, TOV", STREET="vul. Katerynynska, 33", L=Odesa, S=Odeska, PostalCode=65000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4D63C89BF3BE8D25145431EFD3FD9B18

File PE Metadata
Compilation timestamp:
4/25/2016 5:07:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:hgN+Rw6wZtpJ5T7Fjz/0tMKpxvnps8hIIxpZ5ILDIemEKvLmPQMEzYzUO:qcR1wb5tHW9HvnpBlM0emDoZ7zUO

Entry address:
0x1784

Entry point:
E8, 95, 15, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 35, A8, 21, 41, 00, FF, 15, 68, A0, 40, 00, 85, C0, 74, 0F, FF, 75, 08, FF, D0, 59, 85, C0, 74, 05, 33, C0, 40, 5D, C3, 33, C0, 5D, C3, 55, 8B, EC, 8B, 45, 08, A3, A8, 21, 41, 00, 5D, C3, 55, 8B, EC, 51, 8D, 45, FC, 50, 68, B4, A1, 40, 00, 6A, 00, FF, 15, 74, A0, 40, 00, 85, C0, 74, 17, 68, CC, A1, 40, 00, FF, 75, FC, FF, 15, 18, A0, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, C9, C3, 55, 8B, EC, FF, 75, 08, E8, C3, FF, FF, FF, 59, FF, 75, 08, FF, 15...
 
[+]

Code size:
34 KB (34,816 bytes)

Remove loaderwindows7__7934_il3702.exe - Powered by Reason Core Security