uvk_en.exe

Ultra Virus Killer

Alfredo Anibal santos silva

The application uvk_en.exe by Alfredo Anibal santos silva has been detected as a potentially unwanted program by 8 anti-malware scanners. Additionally, the file is typically installed by a number of programs including UVK - Ultra Virus Killer by Carifred and Greenlight Computer Clinic Repair Tool by Greenlight Computer Clinic. While running, it connects to the Internet address biz141.inmotionhosting.com on port 80 using the HTTP protocol.
Publisher:
Carifred  (signed by Alfredo Anibal santos silva)

Product:
Ultra Virus Killer

Version:
7.3.7.0

MD5:
b9800627cc49b2d4339bc07062f460a8

SHA-1:
9ec213cb66fbbfe6f54f798852ed7ca0b7117b53

SHA-256:
2e3d27344d4100dcbefd9bc841ab0094abc85609986264cb1088526efcb25d66

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:22:18 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Detection.Undefined | 9.7.0.302.0 |
| McAfee | Artemis!437B8FAAAABC | 5600.6682 |
| NANO AntiVirus | Trojan.Win32.Autoit.dbiolu | 0.28.0.60475 |
| Reason Heuristics | PUP.AlfredoAnibalsantossilva (M) | 15.8.6.7 |
| Rising Antivirus | AU3SCRIPT:Trojan.Script.VBS.StartPage.rf!1596587 | 23.00.65.15804 |
| Total Defense | Win32/Tnega.AVVX | 37.0.11218 |
| Trend Micro House Call | Suspicious_GEN.F47V0621 | 7.2.218 |
| Zillya! Antivirus | Trojan.Cossta.Win32.8444 | 2.0.0.1838 |

File size:
1.6 MB (1,681,408 bytes)

Product version:
7.3.0.0

Copyright:
Carifred © 2010 - 2015

Trademarks:
Carifred.com

Original file name:
UVK.exe

File type:
Executable application (Win64 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\uvk - ultra virus killer\uvk_en.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/9/2014 12:00:00 AM

Valid to:
3/9/2019 11:59:59 PM

Subject:
CN=Alfredo Anibal santos silva, O=Alfredo Anibal santos silva, STREET=Résidence les angéliques, STREET=Rue du grand large, L=Port vendres, S=Languedoc - Roussillon, PostalCode=66660, C=FR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E4E0EEAC938C9428AF79577D5C6F9663

File PE Metadata
Compilation timestamp:
8/5/2015 10:25:00 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:EgTiSxZga5GBoZtVeIa/xVIjwts+z2o757nI:fHmoZtaCjwuo75c

Entry address:
0x2F7DC

Entry point:
48, 83, EC, 28, E8, BF, B3, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 8B, 05, EA, 9B, 0A, 00, 44, 8B, C2, 23, CA, 41, F7, D0, 44, 23, C0, 44, 0B, C1, 44, 89, 05, D5, 9B, 0A, 00, C3, 48, 83, EC, 28, E8, 87, 28, 00, 00, 48, 85, C0, 74, 0A, B9, 16, 00, 00, 00, E8, A8, 28, 00, 00, F6, 05, B5, 9B, 0A, 00, 02, 74, 29, B9, 17, 00, 00, 00, E8, 25, 1D, 01, 00, 85, C0, 74, 07, B9, 07, 00, 00, 00, CD, 29, 41, B8, 01, 00, 00, 00, BA, 15, 00, 00, 40, 41, 8D, 48, 02, E8, 52, 09, 00, 00, B9, 03, 00, 00, 00, E8...
 

Entropy:
7.3276

Code size:
672 KB (688,128 bytes)

The file uvk_en.exe has been discovered within the following programs.

Greenlight Computer Clinic Repair Tool  by Greenlight Computer Clinic
www.carifred.com/uvk
About 6% of users remove it
Mastertech Computers Corp Repair Tool  by Mastertech Computers Corp
About 7% of users remove it
About 9% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to biz141.inmotionhosting.com  (216.194.169.105:80)
