prefetch.exe

M/s Tech AnB

The application prefetch.exe, “Setup Application” by M/s Tech AnB has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from downloads.doubleoptmedia.com and multiple other hosts.
Publisher:
DoubleOptMedia (signed by M/s Tech AnB)

Product:
DoubleOptMedia

Description:
Setup Application

Version:
1.0.4.0

MD5:
39af03687b5e558dc2071f700e07c06d

SHA-1:
d1f1da1243bd9ac5ad29241d274c707adee667d9

SHA-256:
243b3705f5447c0b4bad150d5eff2055d55b5a462a443e5ab48facdcc86838a7

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
1/13/2025 3:44:47 PM UTC

Scan engine              Detection                      Engine version
Lavasoft Ad-Aware        Gen:Variant.Symmi.39392        1059
Bitdefender              Gen:Variant.Symmi.39392        1.0.20.355
Bkav FE                  W32.FaimdaisyLTAM.Trojan       1.3.0.4959
Dr.Web                   Tool.BtcMine.141               9.0.1.071
Emsisoft Anti-Malware    Gen:Variant.Symmi.39392        8.14.03.12.10
F-Secure                 Gen:Variant.Symmi.39392        11.2014-12-03_4
G Data                   Gen:Variant.Symmi.39392        14.3.24
MicroWorld eScan         Gen:Variant.Symmi.39392        15.0.0.213
Reason Heuristics        PUP.Installer.MsTechAnB.I      14.3.13.0
Trend Micro House Call   TROJ_GEN.F47V0311              7.2.71

File size:
7.6 MB (7,980,592 bytes)

Product version:
1.0.4.0

Copyright:
DoubleOptMedia Copyright © 1992-2012 DoubleOptMedia

Trademarks:
DoubleOptMedia is a trademark of DoubleOptMedia

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Common path:
C:\users\{user}\appdata\local\temp\prefetch.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/10/2014 3:00:00 AM

Valid to:
2/11/2015 2:59:59 AM

Subject:
CN=M/s Tech AnB, O=M/s Tech AnB, STREET="Plot No. F-125,", STREET="Sector 74,", STREET="Industrial Area, Phase 8B", L=Mohali, S=Punjab, PostalCode=160071, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C12161D8036677E0A09B9580299D979F

File PE Metadata
Compilation timestamp:
12/16/2011 10:06:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:KKDNRv6uGWFbYQJ3rRcIkOHVwTieJDdV1/lrHfKS42dfkILv6m:KeHyEbY+rR7eldj/ZHiS42dpmm

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Entropy:
7.9826 (probably packed)

Code size:
22 KB (22,528 bytes)

The file prefetch.exe has been seen being distributed by the following 2 URLs.

Remove prefetch.exe - Powered by Reason Core Security