power point 2010.exe

The application power point 2010.exe has been detected as a potentially unwanted program by 35 anti-malware scanners. This is a setup program which is used to install the application. Accoriding to the detections, this has been classified as a kyelogger which is capable of recoring a user's keystrokes. The file has been seen being downloaded from dc356.4shared.com.
MD5:
d22cedc4e9cd9c2d0e22777454cee0ae

SHA-1:
eecaabce2d930e78614cc7d877313e2697fd314f

SHA-256:
682266aa7503659876730a9c78229848f9d8631645db7b41824f5f0eca36d34f

Scanner detections:
35 / 68

Status:
Potentially unwanted

Explanation:
The software cotains keystroke monitoring/logging capablities which may or may not be installed without the user's knowledge.

Analysis date:
11/15/2024 9:47:28 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.FAkeAlert.105
330

Agnitum Outpost
Trojan.FAkeAlert
7.1.1

AhnLab V3 Security
Backdoor/Win32.Gbot
2015.12.23

Avira AntiVirus
TR/Crypt.XPACK.Gen7
8.3.2.4

Arcabit
Trojan.FAkeAlert.105
1.0.0.637

avast!
Sf:Ardamax-A [PUP]
2014.9-160311

AVG
Ardamax
2017.0.2808

Baidu Antivirus
Adware.Win32.KeyLogger.Ardamax
4.0.3.16311

Bitdefender
Gen:Variant.FAkeAlert.105
1.0.20.355

Clam AntiVirus
Win.Trojan.Agent-944871
0.98/21511

Comodo Security
TrojWare.Win32.Ardamax.NBQ
23830

Dr.Web
Trojan.KeyLogger.20951
9.0.1.071

Emsisoft Anti-Malware
Gen:Variant.FAkeAlert.105
8.16.03.11.04

ESET NOD32
Win32/KeyLogger.Ardamax.NBQ (variant)
10.12766

Fortinet FortiGate
W32/Gbot.ACCR!tr.bdr
3/11/2016

F-Prot
W32/Gbot.A.gen
v6.4.7.1.166

F-Secure
Gen:Variant.FAkeAlert.105
11.2016-11-03_6

G Data
Gen:Variant.FAkeAlert.105
16.3.25

IKARUS anti.virus
Gen.Heur
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.18194

Kaspersky
not-a-virus:HEUR:Monitor.Win32.Ardamax
14.0.0.534

Malwarebytes
PUP.Optional.ArdamaxKeyLogger
v2016.03.11.04

McAfee
Keylog-FAQ
5600.6464

Microsoft Security Essentials
MonitoringTool:Win32/Ardamax
1.1.12400.0

MicroWorld eScan
Gen:Variant.FAkeAlert.105
17.0.0.213

NANO AntiVirus
Trojan.Win32.KeyLogger.ccgijz
1.0.14.5317

Panda Antivirus
Trj/Genetic.gen
16.03.11.04

Quick Heal
MonitoringTool.Ardamax.A5
3.16.14.00

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.16309

Sophos
Mal/Ardamax-A
4.98

Trend Micro House Call
TSPY_ARDAMAX.SM1
7.2.71

Trend Micro
TSPY_ARDAMAX.SM1
10.465.11

VIPRE Antivirus
Trojan.Win32.Ardamax.nbq
45948

ViRobot
Backdoor.Win32.S.Gbot.2056192.A[h]
2014.3.20.0

Zillya! Antivirus
Tool.Keylogger.Win32.27
2.0.0.2575

File size:
2 MB (2,056,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\programs\power point 2010.exe

File PE Metadata
Compilation timestamp:
11/28/2013 11:43:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:eOmwGJ9sLk5phMUlC0Po/ydxL3iUEv66gjpK6:e+GJNb5A0PCgxLy966qv

Entry address:
0x56F0

Entry point:
E8, A7, 27, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 04, 8B, 4C, 24, 08, F7, C2, 03, 00, 00, 00, 75, 3C, 8B, 02, 3A, 01, 75, 2E, 0A, C0, 74, 26, 3A, 61, 01, 75, 25, 0A, E4, 74, 1D, C1, E8, 10, 3A, 41, 02, 75, 19, 0A, C0, 74, 11, 3A, 61, 03, 75, 10, 83, C1, 04, 83, C2, 04, 0A, E4, 75, D2, 8B, FF, 33, C0, C3, 90, 1B, C0, D1, E0, 83, C0, 01, C3, F7, C2, 01, 00, 00, 00, 74, 18, 8A, 02, 83, C2, 01, 3A, 01, 75, E7, 83, C1, 01, 0A, C0, 74, DC, F7, C2, 02, 00, 00, 00, 74, A4, 66, 8B, 02, 83...
 
[+]

Entropy:
7.6661

Code size:
39.5 KB (40,448 bytes)

The file power point 2010.exe has been seen being distributed by the following URL.

Remove power point 2010.exe - Powered by Reason Core Security