modhack avatariya.exe

Windows Internet Explorer

Prof Assist

Although the file's version properties claim it was developed by 'Microsoft Corporation', this is not the case: the metadata is crafted to make it resemble a legitimate Microsoft system file. The application modhack avatariya.exe, "Internet Low-Mic Utility Tool" by Prof Assist, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen being downloaded from file-loadar-other.ru.
Publisher:
Microsoft Corporation  (signed by Prof Assist)

Product:
Windows® Internet Explorer

Description:
Internet Low-Mic Utility Tool

Version:
8.00.7600.16385 (win7_rtm.090713-1255)

MD5:
1302e4e3bac504e14f2114f9054baf95

SHA-1:
e6d61c0e6f95934a610733580c018e417cecdde3

SHA-256:
61d24dfd87f15be399d51609101cb00fb38c210439a81a1276c3e1066745ff6a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/14/2025 11:21:27 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ProfAssi (M)

Engine version:
16.7.7.22

File size:
673.5 KB (689,648 bytes)

Product version:
8.00.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
ielowutil.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\modhack avatariya.exe

Digital Signature
Signed by:
Prof Assist
Authority:
COMODO CA Limited

Valid from:
6/16/2016 3:00:00 AM

Valid to:
6/17/2017 2:59:59 AM

Subject:
CN=Prof Assist, O=Prof Assist, STREET="d. 2 kv. 34, ul.Vozdushnaya", L=Kaliningrad, S=Kaliningrad, PostalCode=236010, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2834FB06F20CE3ED975A64A6A9DC2F35

File PE Metadata
Compilation timestamp:
7/3/2016 1:26:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:lgBNNDq5dzjmR+spu/veVDCs9ypBHwA/6o39IDmGmZ7:8b4dOcbu1C62wA/OVY7

Entry address:
0x1030

Entry point:
55, 8B, EC, 81, EC, E8, 03, 00, 00, 68, 74, 14, 00, 00, A1, 34, 02, 49, 00, 50, FF, 15, E0, F0, 48, 00, 85, C0, 74, 07, 33, C0, E9, A7, 02, 00, 00, 8B, 55, F4, 8B, 4D, F4, D3, E2, 89, 55, F4, 68, 4C, 00, 49, 00, FF, 15, C0, F0, 48, 00, 8B, 45, F4, C1, E0, F8, 89, 45, F4, 68, 64, 00, 49, 00, FF, 15, C4, F0, 48, 00, FF, 15, FC, F0, 48, 00, 8B, 4D, F8, 2B, 4D, F8, 89, 4D, F4, 68, 74, 06, 00, 00, 8B, 55, F4, 52, FF, 15, E4, F0, 48, 00, 8B, 45, F4, 8B, 4D, F8, D3, E8, 89, 45, F4, 8B, 4D, F8, 03, 4D, F8, 89, 4D...

Developed / compiled with:
Microsoft Visual C++

Code size:
566.5 KB (580,096 bytes)

The file modhack avatariya.exe has been seen being distributed by the following URL.

Remove modhack avatariya.exe - Powered by Reason Core Security