prerun.exe

M/s Tech AnB

The application prerun.exe by M/s Tech AnB has been detected as adware by 19 anti-malware scanners.
Publisher:
M/s Tech AnB  (signed and verified)

MD5:
4d023cb85eea164e62c3755d743494f4

SHA-1:
777a82966a32a3cd50cb1261b05904ad6eefaa22

SHA-256:
f19aaee63e3f70b1ae1d6fd471c43a4aad89e477a31a588dd3e81ad72660fd9e

Scanner detections:
19 / 68

Status:
Adware

Analysis date:
12/24/2024 11:53:46 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Symmi.5057 | 6528855 |
| Avira AntiVirus | TR/Dldr.Agent.83584 | 7.11.212.118 |
| AVG | Win32/DH{gRKBEyB8DA8lV04} | 2016.0.3188 |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.15225 |
| Bitdefender | Gen:Variant.Adware.Symmi.5057 | 1.0.20.280 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Symmi.5057 | 9.0.0.4799 |
| F-Secure | Gen:Variant.Adware.Symmi.5057 | 5.13.68 |
| G Data | Gen:Variant.Adware.Symmi.5057 | 15.2.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.6.0 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.2433 |
| McAfee | Trojan.Artemis!4D023CB85EEA | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Adware.Symmi.5057 | 16.0.0.168 |
| Norman | Gen:Variant.Adware.Symmi.5057 | 03.12.2014 13:20:04 |
| Panda Antivirus | Trj/CI.A | 15.02.25.11 |
| Reason Heuristics | PUP.DoubleOpt Media | 15.2.25.10 |
| Trend Micro House Call | TROJ_GEN.R08NC0EBH15 | 7.2.56 |
| Trend Micro | TROJ_GEN.R08NC0EBH15 | 10.465.25 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37894 |

File size:
81.6 KB (83,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\software technical support\prerun.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/9/2014 7:00:00 PM

Valid to:
2/10/2015 6:59:59 PM

Subject:
CN=M/s Tech AnB, O=M/s Tech AnB, STREET="Plot No. F-125,", STREET="Sector 74,", STREET="Industrial Area, Phase 8B", L=Mohali, S=Punjab, PostalCode=160071, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C12161D8036677E0A09B9580299D979F

File PE Metadata
Compilation timestamp:
2/5/2015 12:05:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:T1LJ1OkWkDTTNn+sRNvKq1VkxWg7i/CdyD4CASCV0d:TzYkWkDPNnLNvRxn/CdyD4CAT+

Entry address:
0x520D

Entry point:
E8, E9, 57, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 68, 48, DA, 40, 00, FF, 15, 7C, D0, 40, 00, 85, C0, 74, 15, 68, 38, DA, 40, 00, 50, FF, 15, 34, D0, 40, 00, 85, C0, 74, 05, FF, 75, 08, FF, D0, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, C8, FF, FF, FF, 59, FF, 75, 08, FF, 15, 80, D0, 40, 00, CC, 6A, 08, E8, AF, 59, 00, 00, 59, C3, 6A, 08, E8, CD, 58, 00, 00, 59, C3, 8B, FF, 56, E8, 21, 11, 00, 00, 8B, F0, 56, E8, 3D, 05, 00, 00, 56, E8, 8C, 18, 00, 00, 56, E8, CF, 5B, 00, 00, 56, E8, BA, 5B, 00...
Entropy:
6.3326

Code size:
48 KB (49,152 bytes)
