save-o-gram.exe

Genesis Mobile

Publisher:
Genesis Mobile  (signed and verified)

MD5:
5ef53aeeeb776c7eb83c1146a01c384c

SHA-1:
433838deb6abbf898be996c471764054b64d60a9

SHA-256:
2552262cafad7c9a23499edca41ad8885e052cce53598983c01fb2821dda3e49

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
1/15/2025 6:38:25 AM UTC  (today)

Scan engine | Detection | Engine version
AegisLab AV Signature | Adware.MultiPlug | 2.1.4+

File size:
4.9 MB (5,176,344 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\save-o-gram.3.1-[www.patoghu.com]\key\save-o-gram.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
12/17/2014 11:23:28 PM

Valid to:
12/17/2015 11:23:28 PM

Subject:
E=support@save-o-gram.com, CN=Genesis Mobile, OU=Software Development, O=Genesis Mobile, C=HR

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
4923E8D60D28FBD4701651C8338D4B03

File PE Metadata
Compilation timestamp:
9/12/2015 6:50:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
83.82

CTPH (ssdeep):
98304:6/lhkmO2iS4VbTPKSPcjcY1dOxaxu3z4mvT//5aJO37+DTGB6rOM:6/lhkm9iSq4oEiTZaUL06srOM

Entry address:
0x2E213F

Entry point:
60, E8, 00, 00, 00, 00, 5D, 81, ED, 45, 21, 2E, 00, E8, 06, 00, 00, 00, BD, FF, FF, FF, FF, C3, 58, 89, 68, 01, 3E, 8B, 9D, 4C, 70, 2F, 00, 3E, 8D, B5, A4, 70, 2F, 00, E8, 04, 00, 00, 00, 00, 00, 00, 00, 6A, 40, 6A, 50, 53, FF, 16, E8, 1E, 00, 00, 00, 60, 9C, E8, CC, FF, FF, FF, 56, 50, 3E, 8D, B5, A4, 70, 2F, 00, E8, 11, 00, 00, 00, 87, 06, 58, 5E, E9, AD, 00, 00, 00, 5D, 87, 2E, E8, 06, 00, 00, 00, B8, FF, FF, FF, FF, C3, 58, 89, 68, 01, E8, 0C, 00, 00, 00, E8, 05, 00, 00, 00, 90, 90, 90, 90, 90, EB, 2F...
 

Entropy:
7.2131

Packer / compiler:
ASPack v1.08.04

Code size:
804 KB (823,296 bytes)

The file save-o-gram.exe has been seen distributed from the following URL.

temp:save-o-gram.exe
