purifyme.exe

Microsoft Windows Operating System

Avanpost IT, TOV

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The application purifyme.exe, “Executable file for the game "Mahjong Titans"” by Avanpost IT, TOV, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Microsoft Corporation  (signed by Avanpost IT, TOV)

Product:
Microsoft® Windows® Operating System

Description:
Executable file for the game "Mahjong Titans"

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
efbd3974de6a8d1c8d12047a7c590ad7

SHA-1:
a2a6d6acdb2c1264f5ea4e06bca292f77d297c79

SHA-256:
14da7aa4b70da10c03c8a195380ecef377caeaca3c74d291ebe1a76f901cb1d6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 9:04:45 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
17.3.8.18

File size:
6.3 MB (6,579,744 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
mahjong.exe.mui

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\purifyme.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/22/2016 4:00:00 AM

Valid to:
3/23/2017 3:59:59 AM

Subject:
CN="Avanpost IT, TOV", OU=IT, O="Avanpost IT, TOV", STREET=Bud. 58 prospekt P'yatdesyatyrichchya Srsr, L=Kharkiv, S=Kharkivska, PostalCode=61000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD2121F7F1B4A1FB43BF7FCA522878EF

File PE Metadata
Compilation timestamp:
1/8/2010 9:38:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

Entry address:
0x629A78

Entry point:
E8, 69, 11, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 7F, A3, 00, E8, 02, 17, 00, 00, E8, 3A, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, FC, 10, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BB, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
6.2 MB (6,498,816 bytes)
