searchib-wd.ru_ru.exe

ITEA LLC

The application searchib-wd.ru_ru.exe by ITEA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
ITEA LLC  (signed and verified)

MD5:
1c48ba0708233fa9c2dec352a06ffbf7

SHA-1:
9c14b22fcdab68623e7466b5b32949d065ea67c2

SHA-256:
f9bf22448a27de50f8a29738368a9b7b4cd5d86a82b7724d0e4c64a04d7d4263

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 3:40:09 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.HomePageDef.ITEA (M)

Engine version:
16.6.9.0

File size:
289.7 KB (296,664 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\searchib-wd.ru_ru.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/18/2016 8:00:00 AM

Valid to:
2/18/2017 7:59:59 AM

Subject:
CN="""ITEA"" LLC", OU=IT, O="""ITEA"" LLC", STREET="prosp. Vyzvolyteliv, 5", L=Kiev, S=Kiev, PostalCode=02660, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
277A5AD5AF3F7ADB181C76A58924E916

File PE Metadata
Compilation timestamp:
3/18/2016 9:34:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:3ht8UcDD1ZyYdcZZo8Z2shIJVaxOGZ2it8Kmt/LoDKVcBlPn0JEINIOdXaavWuMl:3z8fD5ZyYiZVoshIJVaxXt8KUzImcBZl

Entry address:
0x4141

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 2C, 08, 00, 00, 31, DB, E8, A0, 7A, 00, 00, 89, A5, 58, F9, FF, FF, 83, EC, 30, 89, D8, FC, 8D, 74, 24, 0F, 83, E6, F0, 89, F7, AB, AB, AB, AB, AB, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 0A, 56, 6A, 00, 6A, 00, E8, 2A, 7A, 00, 00, 85, C0, 74, 14, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 0A, 56, 6A, 00, 6A, 00, E8, 12, 7A, 00, 00, FC, 8D, 95, 80, FC, FF, FF, 89, D8, 89, D7, 8B, A5, 58, F9, FF, FF, AB, 83, EC, 30, AB, 8D, 7C, 24, 0F, 83, EC, 30, 83, E7, F0, AB, AB, AB, AB, AB, 8D, 7C...
 

Code size:
44.5 KB (45,568 bytes)
