prerun.exe

M/s Tech AnB

The application prerun.exe by M/s Tech AnB has been detected as adware by 9 anti-malware scanners.
Publisher:
M/s Tech AnB  (signed and verified)

MD5:
449a5af54783746658e12398f0e0708e

SHA-1:
0574280a1ae9b431cfa24f0877f0646c724e3d93

SHA-256:
6d67379fac3665906d94bb759e19ed7bb7c51ba2536d2da75d9f3271531b73cb

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/5/2024 9:46:24 AM UTC

Scan engine        | Detection                             | Engine version
AVG                | Win32/DH{gRKBEyB8DA8lV04}             | 2016.0.3108
Baidu Antivirus    | Trojan.Win32.Downloader               | 4.0.3.15515
Bkav FE            | W32.HfsAdware                         | 1.3.0.6379
IKARUS anti.virus  | Backdoor.VB.Agent                     | t3scan.1.8.9.0
Kaspersky          | HEUR:Trojan-Downloader.Win32.Generic  | 14.0.0.2036
McAfee             | Artemis!449A5AF54783                  | 5600.6764
Norman             | Gen:Variant.Adware.Symmi.5057         | 03.12.2014 13:20:04
Reason Heuristics  | Threat.DoubleOpt Media .MsTechAnB     | 15.5.15.15
Vba32 AntiVirus    | suspected of Trojan.Downloader.gen.h  | 3.12.26.4

File size:
81.6 KB (83,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\software technical support\prerun.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/9/2014 7:00:00 PM

Valid to:
2/10/2015 6:59:59 PM

Subject:
CN=M/s Tech AnB, O=M/s Tech AnB, STREET="Plot No. F-125,", STREET="Sector 74,", STREET="Industrial Area, Phase 8B", L=Mohali, S=Punjab, PostalCode=160071, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C12161D8036677E0A09B9580299D979F

File PE Metadata
Compilation timestamp:
1/14/2015 4:45:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:K1LJVOkW3gT2wHNne96RqKvGK1VkxWg7JcQhycYYAFV0O:Kz4kW3haNnLqKv9xocQhycYYA31

Entry address:
0x520D

Entry point:
E8, E9, 57, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 68, 28, DA, 40, 00, FF, 15, 7C, D0, 40, 00, 85, C0, 74, 15, 68, 18, DA, 40, 00, 50, FF, 15, 34, D0, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, C8, FF, FF, FF, 59, FF, 75, 08, FF, 15, 80, D0, 40, 00, CC, 6A, 08, E8, AF, 59, 00, 00, 59, C3, 6A, 08, E8, CD, 58, 00, 00, 59, C3, 8B, FF, 56, E8, 21, 11, 00, 00, 8B, F0, 56, E8, 3D, 05, 00, 00, 56, E8, 8C, 18, 00, 00, 56, E8, CF, 5B, 00, 00, 56, E8, BA, 5B, 00...

Entropy:
6.3304

Code size:
48 KB (49,152 bytes)

Remove prerun.exe - Powered by Reason Core Security