removal.exe

EpicPlay LLC

The application removal.exe by EpicPlay has been detected as adware by 4 anti-malware scanners. This file is typically installed with the program ArcadeParlor by Arcadeparlor.com which is a potentially unwanted software program.
Publisher:
EpicPlay LLC  (signed and verified)

MD5:
d4079fee36faf76ea0704dde2d3f9d9e

SHA-1:
07a57597f55068dc0706acaafde3954061cc6c70

SHA-256:
9f382544949c688c2d24d79a1631f027923a3bf4b53c56df97464f80c13d096a

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
11/27/2024 10:54:33 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Adware/Win32.Agent
14.06.12

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
PUP.EpicPlay.H
14.6.12.13

VIPRE Antivirus
Gamevance LLC
29676

File size:
222.2 KB (227,504 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\arcadeparlor\removal.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/4/2013 7:00:00 PM

Valid to:
6/5/2014 6:59:59 PM

Subject:
CN=EpicPlay LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=EpicPlay LLC, L=Newport Beach, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1DB5E86A4E124ECBF9671AAF915B352E

File PE Metadata
Compilation timestamp:
6/28/2013 8:02:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:0NeuAbbdsoKUL8C+e6uelNgmcGpYropF2YW38+FjBmbcJqrF:0N8/RV6PlN3cGWhX8EjQbcJqrF

Entry address:
0x84CC

Entry point:
E8, 77, 7B, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 04, 8B, 4C, 24, 08, F7, C2, 03, 00, 00, 00, 75, 40, 8B, 02, 3A, 01, 75, 32, 84, C0, 74, 26, 3A, 61, 01, 75, 29, 84, E4, 74, 1D, C1, E8, 10, 3A, 41, 02, 75, 1D, 84, C0, 74, 11, 3A, 61, 03, 75, 14, 83, C1, 04, 83, C2, 04, 84, E4, 75, D2, 8B, FF, 33, C0, C3, EB, 03, CC, CC, CC, 1B, C0, 83, C8, 01, C3, 8B, FF, F7, C2, 01, 00, 00, 00, 74, 18, 8A, 02, 83, C2, 01, 3A, 01, 75, E7, 83, C1, 01, 84, C0, 74, D8, F7, C2, 02, 00...
 
[+]

Entropy:
5.9887

Code size:
130 KB (133,120 bytes)

The file removal.exe has been discovered within the following program.

ArcadeParlor  by Arcadeparlor.com
Owned and operated by EpicPlay LLC, ArcadeParlor is distributed via the InstallIQ download manager. "Premium Games are offered free of charge at the Site in exchange for your agreement to install the ArcadeParlor Software.
www.arcadeparlor.com
81% remove it
 
Powered by Should I Remove It?

Remove removal.exe - Powered by Reason Core Security