stazher_tfile_me.exe

Canon IJ Scan Utility

PKK OOO

The executable stazher_tfile_me.exe has been detected as malware by 1 anti-virus scanner.

Publisher:
CANON INC.  (signed by PKK OOO)

Product:
Canon IJ Scan Utility

Version:
1.1.10.8968

MD5:
575cee011eeb97aca8d64c2e502a7a09

SHA-1:
98961b438bbd58149f78ac77592c9b9374bee409

SHA-256:
e3eca6aabfe3c460c177302b2e3f19a7092120faf70fd58d45ae025f51dea762

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 8:00:34 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.16.9

File size:
600.9 KB (615,352 bytes)

Product version:
1.1.10.8968

Copyright:
Copyright CANON INC. 2012-2014

Original file name:
ScanUtility.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\stazher_tfile_me\stazher_tfile_me.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/19/2015 8:00:00 PM

Valid to:
5/19/2016 7:59:59 PM

Subject:
CN=PKK OOO, O=PKK OOO, STREET=103 ul.Krasnoarmeiskaya, L=Bryansk, S=Bryansk Region, PostalCode=241037, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009C395A86D91DA63BAC9CEF694A772B43

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x7DB1A

Entry point:
60, 60, C7, 44, 24, 3C, 12, CB, 75, 38, C6, 04, 24, 2B, C7, 44, 24, 38, A5, 2B, 56, 17, 9C, FF, 34, 24, 8D, 64, 24, 40, E9, 85, 01, 01, 00, C2, 7E, 24, 9D, 0A, 3F, 9F, 51, B5, 2C, BC, 0D, FB, 25, FB, 3D, 13, 31, 37, FD, 4A, D5, DB, F2, 1E, 2E, 49, EE, 41, 16, 5A, E2, 26, BB, DB, E5, 86, D8, 50, 9C, AC, E2, 96, 8E, 9A, B2, 3E, 0E, 7B, D5, 23, F5, 9B, AF, 1A, 46, F6, 62, D6, D8, C4, 2F, E3, 39, 00, 13, 2D, F1, 55, C8, 9C, EE, BD, 22, E6, 5D, EE, C8, FC, 0D, F8, 21, 3E, DE, 55, 36, 47, DF, E5, E0, 1B, 29, 9D...

Entropy:
6.2797

Code size:
443.5 KB (454,144 bytes)
