pushouah.exe

Push

Kreapixel

The application pushouah.exe by Kreapixel has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from softs.illyx.com and multiple other hosts.
Publisher:
Kreapixel  (signed and verified)

Product:
Push

Version:
1.0.0.0

MD5:
5d91a818123dc0b73e2eebd89849fb45

SHA-1:
6b3ddc97d960a8cf26aad162357d21400211d2fd

SHA-256:
c8a01a2d5cc48603121d9c53db5377cf11105c850f17d3370858572cd71be5f7

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 10:59:24 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Downware.1119 | 9.0.1.0358
Reason Heuristics | PUP.Kreapixel.I | 14.2.16.3

File size:
238.9 KB (244,600 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
Push.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\pushouah.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/28/2013 12:00:00 AM

Valid to:
4/29/2014 12:59:59 AM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E829C616F33571512B97CC95565619

File PE Metadata
Compilation timestamp:
2/25/2013 10:38:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:S0HM8VHNeBfB0CKSVHQxK83Nd/j9pTjthZSTGLm:nFtkBfExb7b9hth8D

Entry address:
0x3C07E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
232.5 KB (238,080 bytes)

The file pushouah.exe has been seen being distributed by the following 2 URLs.

http://softs.illyx.com/setup/dl.php?l=ressources/.../push&telecharger=pushouah
