p@h_prod308-avtmhyrj.exe

P@H-Protocol

Valassis Communications, Inc.

Publisher:
Valassis (signed by Valassis Communications, Inc.)

Product:
P@H-Protocol

Description:
This file installs Valassis P@H-Protocol.

Version:
3.0.8.6

MD5:
412488d076b0214f0a8149beb2b1e75a

SHA-1:
95cf3b306984f4cd6593f99ef61511a78adca7e8

SHA-256:
9d7ccd62a40ba071dcef853ea0b2e65c36e42ac0de49ed5e61dacb07e5ef4075

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 10:52:35 AM UTC

File size:
2.1 MB (2,166,416 bytes)

Product version:
3.0.8.6

Copyright:
Copyright (C) 2014 Valassis

Original file name:
P2H-Protocol.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\p@h_prod308-avtmhyrj.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
3/10/2013 8:00:00 PM

Valid to:
3/16/2016 8:00:00 AM

Subject:
CN="Valassis Communications, Inc.", O="Valassis Communications, Inc.", L=Livonia, S=MI, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0418A9066C0ADD608858AA77BDE00B92

File PE Metadata
Compilation timestamp:
10/30/2014 7:54:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:xgH1mzGSx+/QYSP73q8ORFdpWyRd5ASFCEuCVOjH:xgH1sGSxiQYSP7Yx5AuuCVOL

Entry address:
0xC8DAC

Entry point:
E8, 46, CC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 5D, 4D, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, C5, D5, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, 39, 4D, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A1, D5, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 0A, 4D, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...

Entropy:
6.9625

Code size:
1023.5 KB (1,048,064 bytes)

The file p@h_prod308-avtmhyrj.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 958 download URLs

Scan p@h_prod308-avtmhyrj.exe - Powered by Reason Core Security