searchis-cors.ru_ru.exe

IT CONSULT LLC

The executable searchis-cors.ru_ru.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
IT CONSULT LLC  (signed and verified)

MD5:
ddb2ee98c31904f2841d0fa817b58b7d

SHA-1:
46bcbe73a08b3c259e12e0532ad7ef7c1ac62b9a

SHA-256:
8ad2032f0e53128ede0322eaa1db7c3a06b346bba35f5da0c190e5099b249401

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 3:21:04 PM UTC

Scan engine: Reason Heuristics
Detection: PUP (M)
Engine version: 17.1.1.10

File size:
475.5 KB (486,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\searchis-cors.ru_ru.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/7/2015 3:00:00 AM

Valid to:
12/7/2016 2:59:59 AM

Subject:
CN=IT CONSULT LLC, OU=IT, O=IT CONSULT LLC, STREET="prov. Okhtyrskyy, 7", L=Kyyiv, S=Kyyiv, PostalCode=03022, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D5D544D7B91FA5FC0ED6FC17A58E809E

File PE Metadata
Compilation timestamp:
2/24/2012 10:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x38AF

Entry point:
7D, 94, CE, B4, DB, 7B, 57, C4, 47, 99, AE, 1C, FB, C4, 6B, C5, 28, 93, 55, 71, 23, A0, 06, 44, E0, 3B, 03, 0D, 00, 15, BC, 72, 92, 68, 40, 92, C3, C9, F9, D5, 6C, F8, F9, 02, 06, C5, CF, C3, C7, 17, 2E, 72, 5B, 48, CD, B2, 46, 4A, 73, 90, CF, 5D, C1, 61, B2, C8, 65, B0, 2E, FD, F6, 0C, C1, 02, 0C, 4E, C6, A2, B1, 5B, CB, B0, 26, 42, 7E, 1B, 58, B3, A0, DC, 9B, F4, 73, B3, AC, AE, B1, BD, E6, 1D, CE, C5, 61, 45, CF, D7, 50, 4C, FB, 5D, C1, B4, FE, D9, 3D, 45, 85, D3, 3E, FA, D4, 35, 16, 48, 60, 1B, 90, E7...

Code size:
29 KB (29,696 bytes)
