vbsprn64.exe

Notifications

Acai Tech Ltd

The application vbsprn64.exe by Acai Tech has been detected as adware by 8 anti-malware scanners. It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the name ‘Shop For Rewards64’.
Publisher:
Acai Tech Ltd  (signed and verified)

Product:
Notifications

Description:
Notications

Version:
1.0.0.3

MD5:
6be340b4a63bddb372af856464e86f0f

SHA-1:
48ce2bfe0ee9ef3ef5c45fa7f2566777498d0b36

SHA-256:
56a21aab2c38c0c49767c1aa23ebd44c75e18242f8eeec4e3efff90e10c54c76

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/27/2024 1:40:12 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
Emsisoft Anti-Malware | Adware.Shopperz | 8.15.06.04.03
ESET NOD32 | Win64/Toolbar.Perion (variant) | 8.10875
F-Secure | Adware.Shopperz.A | 11.2015-04-06_5
Malwarebytes | PUP.Optional.Pitaya | v2014.12.16.02
Norman | Adware.Shopperz.A | 11.20150604
Reason Heuristics | PUP.Startup.AcaiTech.I | 14.12.16.14
Trend Micro House Call | Suspicious_GEN.F47V1207 | 7.2.350

File size:
447.3 KB (458,040 bytes)

Product version:
1.0.0.3

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shop for rewards\vbsprn64.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/21/2014 8:00:00 PM

Valid to:
9/22/2015 7:59:59 PM

Subject:
CN=Acai Tech Ltd, O=Acai Tech Ltd, STREET=Rakefet 19, L=Hod Hasharon, S=Sharon, PostalCode=4520634, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
189E85B982528243713729AC8244D22C

File PE Metadata
Compilation timestamp:
11/26/2014 10:34:02 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:jReh5G0+mYGZhZRjU43E08M8PZGTHue2TbqzqXfai9LVUItWJ2E/tl9+:ohVZUbRe2lD9LVRvE/ta

Entry address:
0x27C5C

Entry point:
48, 83, EC, 28, E8, 9F, 7C, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 4C, 8B, DC, 49, 89, 53, 10, 4D, 89, 43, 18, 4D, 89, 4B, 20, 48, 83, EC, 38, 4C, 8B, C2, 49, 8D, 43, 18, 48, 8B, D1, 48, 8D, 0D, 28, 7F, 00, 00, 45, 33, C9, 49, 89, 43, E8, E8, 08, 00, 00, 00, 48, 83, C4, 38, C3, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 57, 48, 83, EC, 50, 48, 83, 60, C8, 00, 48, 8B, DA, 33, D2, 49, 8B, F8, 48, 8B, E9, 44, 8D, 42, 28, 48, 8D, 48, D0, 49, 8B, F1, E8, C4, FB, FF, FF...

Entropy:
6.0090

Code size:
250.5 KB (256,512 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Shop For Rewards64

Command:
C:\Program Files\shop for rewards\vbsprn64.exe
