home

USPro.exe

Universal Shield

Everstrike OOO

The application USPro.exe by Everstrike OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Everstrike Software  (signed by Everstrike OOO)

Product:
Universal Shield

Version:
4.3.1

MD5:
17c608a46277bd4b935719ab31793254

SHA-1:
c42551bea2f2c82e5f5896ec779e03cf822469e1

SHA-256:
78b6902e9694835d978d25e3a1ac86bcd25abd43786313aed594ba0a8db71b00

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/14/2024 2:36:30 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.9.25.9

File size:
1.2 MB (1,270,400 bytes)

Product version:
4.3.1

Copyright:
Copyright © 2001-2010

Trademarks:
Universal Shield

Original file name:
USPro.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\universal shield 4.3.1\uspro.exe

Digital Signature
Signed by:
Everstrike OOO

Authority:
VeriSign, Inc.

Valid from:
1/21/2010 5:30:00 AM

Valid to:
1/14/2011 5:29:59 AM

Subject:
CN=Everstrike OOO, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Everstrike OOO, L=Ulyanovsk, S=n/a, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4F047BCF18A6FDD97F5D03D2A61289D8

File PE Metadata
Compilation timestamp:
3/5/2010 7:07:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:7Kocn6VfmM19QeuPEd4P4MVpkr7+zeUa3KI6YX/740XyQ1/E/q2:7K76Vu0uPEd4Pn3seeUa3K274ahkq2

Entry address:
0x1000

Entry point:
68, 01, 80, 78, 00, E8, 01, 00, 00, 00, C3, C3, 16, D4, A5, F8, 4B, 87, C8, 27, EA, 24, D5, 27, B9, 7E, 06, 2D, 51, B8, C5, C0, 27, 76, C6, 2E, 37, 3C, 86, 4F, BE, 39, 91, 37, BF, 00, F5, 52, 7B, C1, 5B, CE, A8, 2B, A4, BF, 7F, 53, A2, C9, D1, 3B, 1A, DB, 7B, 50, D4, 47, 12, 5F, 53, E7, 4F, 64, 88, D7, B1, 7E, C8, 48, F0, C5, 9B, B7, 01, 97, DD, 44, 7B, 87, 7E, DF, D3, 01, 26, 3A, 17, 1A, C8, 93, 5B, 50, DC, B2, 88, 70, 79, F6, D0, B0, 60, 08, 51, 3B, C8, 52, 7D, 8C, CE, 79, 11, 61, DC, 46, 97, 76, 34, 0F...
 
[+]

Entropy:
6.2187

Packer / compiler:
ASProtect v1.2x (New Strain)

Code size:
328 KB (335,872 bytes)

Remove USPro.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.