home

texteditor.exe

IT CONSULT LLC

The executable texteditor.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘TextEditor’.
Publisher:
IT CONSULT LLC  (signed and verified)

MD5:
ff90820e024f040967e05dfa05927317

SHA-1:
6c7dc6ab693be7e7e68d2032a11c4351a157d2d0

SHA-256:
522041962031cfd59ca542483b72fa4eaddb42264f3bdb3b85e925906a3584f1

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/15/2024 3:45:10 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.1.10.11

File size:
184.2 KB (188,576 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\texteditor\daemon\texteditor.exe

Digital Signature
Signed by:
IT CONSULT LLC

Authority:
COMODO CA Limited

Valid from:
12/7/2015 2:00:00 AM

Valid to:
12/7/2016 1:59:59 AM

Subject:
CN=IT CONSULT LLC, OU=IT, O=IT CONSULT LLC, STREET="prov. Okhtyrskyy, 7", L=Kyyiv, S=Kyyiv, PostalCode=03022, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D5D544D7B91FA5FC0ED6FC17A58E809E

File PE Metadata
Compilation timestamp:
11/26/2015 12:44:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x8371

Code size:
87 KB (89,088 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TextEditor

Command:
"C:\users\{user}\appdata\roaming\texted~1\daemon\texted~1.exe"


Remove texteditor.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.