SHA256: 357e40644d899fb9c152a10db1ab0e99a45ed7be17bec39d6d167dd7cabae1c8
File name: UltraAdwareKiller.exe
Detection ratio: 1 / 68
Analysis date: 2018-07-13 01:01:53 UTC ( 4 months ago )
Antivirus Result Update (an empty Result column means the engine reported no detection; only ClamAV flagged the file)
ClamAV Win.Dropper.Johnnie-6567747-0 20180712
Ad-Aware 20180712
AegisLab 20180712
AhnLab-V3 20180712
Alibaba 20180712
ALYac 20180712
Antiy-AVL 20180713
Arcabit 20180712
Avast 20180712
Avast-Mobile 20180712
AVG 20180712
Avira (no cloud) 20180712
AVware 20180712
Babable 20180406
Baidu 20180712
BitDefender 20180712
Bkav 20180712
CAT-QuickHeal 20180712
CMC 20180712
Comodo 20180713
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cylance 20180713
Cyren 20180712
DrWeb 20180712
eGambit 20180713
Emsisoft 20180712
Endgame 20180711
ESET-NOD32 20180712
F-Prot 20180712
F-Secure 20180713
Fortinet 20180712
GData 20180712
Ikarus 20180712
Sophos ML 20180601
Jiangmin 20180712
K7AntiVirus 20180712
K7GW 20180712
Kaspersky 20180712
Kingsoft 20180713
Malwarebytes 20180712
MAX 20180713
McAfee 20180712
McAfee-GW-Edition 20180712
Microsoft 20180712
eScan 20180712
NANO-Antivirus 20180712
Palo Alto Networks (Known Signatures) 20180713
Panda 20180712
Qihoo-360 20180713
Rising 20180713
SentinelOne (Static ML) 20180701
Sophos AV 20180712
SUPERAntiSpyware 20180712
Symantec 20180712
TACHYON 20180713
Tencent 20180713
TheHacker 20180712
TotalDefense 20180712
TrendMicro 20180712
TrendMicro-HouseCall 20180712
Trustlook 20180713
VBA32 20180712
VIPRE 20180712
ViRobot 20180713
Webroot 20180713
Yandex 20180712
Zillya 20180712
ZoneAlarm by Check Point 20180712
Zoner 20180712
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Carifred © 2010 - 2018

Product Ultra Adware Killer
Original name UltraAdwareKiller.exe
Internal name Ultra Adware Killer
File version 7.5.0.0
Description Ultra Adware Killer
Comments Ultra Adware killer removes malware, adware and browser hijacks for all users.
Signature verification Signed file, verified signature
Signing date 10:50 AM 7/9/2018
Signers
[+] Alfredo Anibal Santos Silva
Status Valid
Issuer COMODO RSA Code Signing CA
Valid from 1:00 AM 1/25/2016
Valid to 12:59 AM 3/10/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 9891FFC6A2D8C841620F064ED4E62D0D228BC2AA
Serial number 00 D0 28 A3 6B BE 4E C1 B7 FB F8 0D 51 7A 1B 56 C6
[+] COMODO RSA Code Signing CA
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 5/9/2013
Valid to 12:59 AM 5/9/2028
Valid usage Code Signing
Algorithm sha384RSA
Thumbprint B69E752BBE88B4458200A7C0F4F5B3CCE6F35B47
Serial number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
[+] COMODO SECURE™
Status Valid
Issuer COMODO RSA Certification Authority
Valid from 1:00 AM 1/19/2010
Valid to 12:59 AM 1/19/2038
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha384RSA
Thumbprint AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4
Serial number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Counter signers
[+] COMODO SHA-1 Time Stamping Signer
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 12/31/2015
Valid to 7:40 PM 7/9/2019
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 03A5B14663EB12023091B84A6D6A68BC871DE66B
Serial number 16 88 F0 39 25 5E 63 8E 69 14 39 07 E6 33 0B
[+] USERTrust (Code Signing)
Status Valid
Issuer UTN-USERFirst-Object
Valid from 7:31 PM 7/9/1999
Valid to 7:40 PM 7/9/2019
Valid usage EFS, Timestamp Signing, Code Signing
Algorithm sha1RSA
Thumbprint E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Serial number 44 BE 0C 8B 50 00 24 B4 11 D3 36 2D E0 B3 5F 1B
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-09 09:50:50
Entry Point 0x00055553
Number of sections 5
PE sections
Overlays
MD5 602d568904ae3512d5d592530af83a4e
File type data
Offset 10851328
Size 11272
Entropy 7.41
PE imports
CryptDestroyKey
RegCreateKeyExW
RegCloseKey
LookupAccountSidW
TreeResetNamedSecurityInfoW
RegCreateKeyW
OpenServiceW
AdjustTokenPrivileges
ControlService
CryptEncrypt
LookupPrivilegeValueW
RegDeleteKeyW
CryptHashData
RegQueryValueExW
CryptImportKey
CryptCreateHash
SetSecurityDescriptorDacl
GetNamedSecurityInfoW
CryptDecrypt
ConvertStringSidToSidW
CreateWellKnownSid
OpenProcessToken
QueryServiceStatus
GetUserNameW
RegOpenKeyExW
LookupAccountNameW
ConvertSidToStringSidW
GetTokenInformation
CryptReleaseContext
CloseServiceHandle
IsValidSid
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CryptAcquireContextW
RegLoadKeyW
GetLengthSid
GetAce
ChangeServiceConfigW
CryptDestroyHash
IsValidAcl
RegDeleteValueW
RegSetValueExW
CryptSetKeyParam
CryptGetHashParam
OpenSCManagerW
InitializeSecurityDescriptor
InitializeAcl
EqualSid
RegUnLoadKeyW
RegSetKeySecurity
SetSecurityDescriptorOwner
AddAce
SetNamedSecurityInfoW
Ord(412)
Ord(413)
ImageList_Destroy
Ord(410)
ImageList_GetImageCount
ImageList_Replace
ImageList_Create
ImageList_Remove
ImageList_DrawEx
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Add
GetSaveFileNameW
GetOpenFileNameW
PatBlt
OffsetRgn
CombineRgn
SetStretchBltMode
GetDeviceCaps
ExcludeClipRect
DeleteDC
SetBkMode
CreateFontW
DeleteObject
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
CreatePatternBrush
FillRgn
GetTextExtentPoint32W
GetStockObject
ExtSelectClipRgn
SelectClipRgn
CreateCompatibleDC
StretchBlt
SetBrushOrgEx
CreateRectRgn
SelectObject
CreateSolidBrush
SetBkColor
GetBkColor
CreateCompatibleBitmap
GetStdHandle
FileTimeToSystemTime
WaitForSingleObject
FindFirstFileW
EncodePointer
SetFileTime
GetFileAttributesW
GetLocalTime
GetProcessId
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
InitializeSListHead
SetStdHandle
GetFileTime
GetCPInfo
WriteFile
GetSystemTimeAsFileTime
Thread32First
HeapReAlloc
GetStringTypeW
FreeLibrary
LocalFree
GetExitCodeProcess
LoadResource
FindClose
InterlockedDecrement
SetFileAttributesW
SetLastError
OpenThread
TlsGetValue
CopyFileW
WriteProcessMemory
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
RaiseException
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
VerifyVersionInfoW
SetFilePointerEx
GetPrivateProfileStringW
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
ReadFile
IsProcessorFeaturePresent
DecodePointer
TerminateProcess
GetModuleHandleExW
LocalFileTimeToFileTime
GetCurrentThreadId
SleepEx
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
TerminateThread
LoadLibraryW
GetOEMCP
QueryPerformanceCounter
TlsAlloc
FlushFileBuffers
RtlUnwind
GetFileSize
OpenProcess
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GetProcAddress
GetPrivateProfileIntW
GetProcessHeap
GetComputerNameW
GetFileSizeEx
RemoveDirectoryW
ExpandEnvironmentStringsW
FindNextFileW
WTSGetActiveConsoleSessionId
Thread32Next
FindFirstFileExW
GetPrivateProfileSectionW
GetTempPathW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
VirtualAllocEx
GetConsoleCP
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
Process32NextW
Module32FirstW
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
ProcessIdToSessionId
GetCommandLineW
WideCharToMultiByte
HeapSize
GetCommandLineA
VerSetConditionMask
Process32FirstW
WritePrivateProfileStringW
SuspendThread
QueryPerformanceFrequency
TlsFree
SetFilePointer
Module32NextW
CloseHandle
GetACP
GetModuleHandleW
SetThreadExecutionState
GetLongPathNameW
IsValidCodePage
UnmapViewOfFile
FindResourceW
CreateProcessW
Sleep
NetUserEnum
NetApiBufferFree
SysFreeString
VariantInit
VariantClear
SysAllocString
EnumProcesses
GetModuleFileNameExW
DragQueryFileW
DragFinish
SHGetFolderPathW
Ord(190)
Shell_NotifyIconW
Ord(6)
DragQueryPoint
SHChangeNotify
SHOpenFolderAndSelectItems
ShellExecuteExW
CommandLineToArgvW
PathFileExistsW
Ord(487)
PathFindOnPathW
UrlEscapeW
PathParseIconLocationW
PathIsRootW
PathIsDirectoryW
SetFocus
GetForegroundWindow
SetWindowRgn
RedrawWindow
DestroyMenu
SetWindowPos
IsWindow
EndPaint
WindowFromPoint
SetMenuItemInfoW
GetDC
GetAsyncKeyState
ReleaseDC
SendMessageW
UnregisterClassW
GetClientRect
SetMenuDefaultItem
DestroyWindow
GetParent
UpdateWindow
SetClassLongW
EnumWindows
GetMessageW
ShowWindow
SetMenuInfo
PeekMessageW
InsertMenuItemW
ShowWindowAsync
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
GetIconInfo
IsDialogMessageW
FillRect
CreateAcceleratorTableW
DeferWindowPos
CreateWindowExW
GetWindowLongW
GetUpdateRect
GetWindowInfo
GetMenuStringW
MapWindowPoints
BeginPaint
DefWindowProcW
GetClassInfoExW
GetSystemMetrics
SetWindowLongW
GetWindowRect
EnumChildWindows
PostMessageW
CreatePopupMenu
GetClassLongW
DrawIconEx
SetWindowTextW
BringWindowToTop
TrackPopupMenu
DestroyAcceleratorTable
LoadCursorW
FindWindowExW
GetMenuItemID
SetForegroundWindow
ExitWindowsEx
GetMenuItemInfoW
FindWindowW
RemoveMenu
GetWindowThreadProcessId
GetSysColorBrush
BeginDeferWindowPos
RegisterClassExW
GetWindowDC
AdjustWindowRectEx
GetSysColor
CopyImage
EndDeferWindowPos
GetWindowRgn
DestroyIcon
wsprintfW
IsWindowVisible
SystemParametersInfoW
DispatchMessageW
DeleteMenu
InvalidateRect
GetClassNameW
AdjustWindowRect
GetFocus
EnableWindow
TranslateAcceleratorW
DefDlgProcW
SetCursor
GetDefaultUserProfileDirectoryW
ExpandEnvironmentStringsForUserW
GetProfilesDirectoryW
SetWindowTheme
VerQueryValueW
GetFileVersionInfoW
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpReadData
HttpQueryInfoW
FtpOpenFileW
InternetConnectW
FtpGetFileSize
InternetReadFile
InternetCrackUrlW
InternetGetConnectedState
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WTSQuerySessionInformationW
WTSFreeMemory
GdipAlloc
GdipSetImageAttributesColorMatrix
Ord(1)
GdipSetCompositingQuality
GdipDrawRectangleI
GdipCreateSolidFill
GdipDrawImageI
GdipCreateBitmapFromStream
GdipAddPathEllipse
GdipCloneBrush
GdipCreateStringFormat
GdipGetRegionHRgn
GdipGetGenericFontFamilySansSerif
GdipSetPathGradientSurroundColorsWithCount
GdipSetSmoothingMode
GdipCreatePathGradientFromPath
GdipDrawPath
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipDeleteFontFamily
GdipDisposeImage
GdipDeletePath
GdipAddPathLine
GdipCreateHBITMAPFromBitmap
GdipDrawArc
GdiplusStartup
GdipSetPenEndCap
GdipDeleteGraphics
GdipFillRectangleI
GdipFillPath
GdipFillRectangle
GdipDeleteFont
GdipCreateImageAttributes
GdipSetPixelOffsetMode
GdipCreatePen1
GdipCreateRegionPath
GdipSetStringFormatAlign
GdipGetImageWidth
GdipCreateLineBrushFromRectI
GdipDrawImageRect
GdipCreateFromHWND
GdipAddPathPolygon
GdipSetPenDashStyle
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipCreateFont
GdipSetPathGradientBlend
GdipDeletePen
GdipDeleteRegion
GdipSetInterpolationMode
GdipDrawLineI
GdipSetPathGradientCenterColor
GdipCreateBitmapFromFileICM
GdipClosePathFigure
GdipDrawString
GdipCreateFontFamilyFromName
GdipGetPathGradientPointCount
GdipGetImageHeight
GdipDeleteStringFormat
GdipResetPath
GdipFree
GdipCloneImage
GdipDeleteBrush
GdipCreatePath
GdipGetImageGraphicsContext
GdipSetStringFormatLineAlign
GdipDisposeImageAttributes
Ord(70)
Ord(16)
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
CoInitialize
SfcIsFileProtected
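The import list above is the file's import table with the per-DLL headers lost in extraction; entries such as Ord(412) are imports by ordinal rather than by name. VirusTotal's imphash (listed under File identification further down) is derived from exactly this table. The following is an added example, not VirusTotal's, pefile's or Carifred's code, showing how that value is computed: the sample import table and its DLL assignments are this example's own constructed input (the APIs do live in the DLLs named, but the report does not state them), and the ordinal table is a small assumed subset of what pefile ships.

```python
"""Compute an import hash (imphash) from a PE import table the way pefile, and
therefore VirusTotal, does: every imported symbol becomes 'library.function',
lower-cased, with the library's .dll/.ocx/.sys suffix dropped and ordinal-only
imports written as ordNNN (a few DLLs have ordinal-to-name tables); the strings
are joined with commas in import-table order and MD5-hashed. Import order is
part of the hash, so two builds that link the same APIs in a different order
get different imphashes, and identical imphashes across samples usually mean a
shared build/toolchain rather than shared behaviour.
"""
import hashlib

STRIPPED_SUFFIXES = ("dll", "ocx", "sys")

# Ordinal-to-name tables. pefile ships full tables for oleaut32 and ws2_32/wsock32;
# this is a small subset (assumption: only the entries used below are listed).
ORDINAL_NAMES = {
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString",
                 8: "VariantInit", 9: "VariantClear"},
}


def canonical_import(library, symbol):
    """'library.function' in imphash form; symbol is a name (str) or ordinal (int)."""
    lib = library.lower()
    base, dot, suffix = lib.rpartition(".")
    if dot and suffix in STRIPPED_SUFFIXES:
        lib = base
    if isinstance(symbol, int):
        symbol = ORDINAL_NAMES.get(lib, {}).get(symbol, "ord%d" % symbol)
    return "%s.%s" % (lib, symbol.lower())


def canonical_string(imports):
    """The comma-joined string that gets hashed; handy for diffing two samples."""
    return ",".join(canonical_import(lib, sym) for lib, sym in imports)


def imphash(imports):
    """imports: iterable of (library, symbol) pairs in import-table order."""
    return hashlib.md5(canonical_string(imports).encode("ascii")).hexdigest()


# Constructed sample import table (hypothetical, not read from the report).
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("KERNEL32.dll", "WriteProcessMemory"),
    ("COMCTL32.dll", 412),            # ordinal-only import, becomes ord412
    ("OLEAUT32.dll", 2),              # resolves to SysAllocString via the table
    ("WINTRUST.dll", "WinVerifyTrust"),
]

if __name__ == "__main__":
    print(canonical_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

To compare with the report's value you would feed the real import table, in its original order and with the real DLL names, into `imphash`; pefile's `PE.get_imphash()` does the same canonicalisation.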
Number of PE resources by type
IMAGE 27
RT_ICON 5
RT_RCDATA 2
RT_GROUP_ICON 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 38
PE resources
Debug information
ExifTool file metadata
CodeSize 527872
SubsystemVersion 5.1
Comments Ultra Adware killer removes malware, adware and browser hijacks for all users.
LinkerVersion 14.14
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 7.5.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Ultra Adware Killer
ImageFileCharacteristics Executable, 32-bit
CharacterSet Windows, Latin1
InitializedDataSize 10324992
EntryPoint 0x55553
OriginalFileName UltraAdwareKiller.exe
MIMEType application/octet-stream
LegalCopyright Carifred 2010 - 2018
FileVersion 7.5.0.0
TimeStamp 2018:07:09 10:50:50+01:00
FileType Win32 EXE
PEType PE32
InternalName Ultra Adware Killer
ProductVersion 7.5.0.0
UninitializedDataSize 0
OSVersion 5.1
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Carifred
LegalTrademarks Carifred.com
ProductName Ultra Adware Killer
ProductVersionNumber 7.5.0.0
FileTypeExtension exe
ObjectFileType Executable application
File identification
MD5 1a4c7f53613e63ffb925212744edb9a2
SHA1 70f584dfe534028c9d78642cf8778ea50c62c1b3
SHA256 357e40644d899fb9c152a10db1ab0e99a45ed7be17bec39d6d167dd7cabae1c8
ssdeep 196608:l2S7iU1JA/TF0UcllDuQrw56jETfVWiRY970vJLf1oJmkSKHICnnwm5eNMb5ECC:lxiU1JAZSDuCw7NWiu06ICveqRC
authentihash da61b1cf484a9680d72c4132e5f21575f317447b6d5ecd3ad61b678ab7cb841f
imphash 2f847e00f6e53f5ec17c7ae22f1c218b
File size 10.4 MB ( 10862600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
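The report lists two kinds of hashes for this file: plain content hashes (MD5, SHA-1, SHA-256) and the authentihash, which is the digest the Authenticode signature actually covers. It also lists an overlay of 11272 bytes at offset 10851328, which ends exactly at the file size of 10862600 bytes; on a signed file a short, high-entropy overlay is normally the Authenticode certificate table itself, and the check is to compare the overlay with the security data directory entry in the optional header. The following is an added example that reproduces these layout facts with only the Python standard library; it is not VirusTotal's or Carifred's code. `build_sample_pe` fabricates a tiny, non-runnable PE32 so the example runs offline, and all function, constant and field names are this example's own.

```python
"""Recover the layout facts a VirusTotal report derives from a PE image, using
only the standard library: the overlay (bytes after the last section), the
Authenticode certificate table, the plain file hashes, and the authentihash.
"""
import hashlib
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the certificate table


def parse_pe(data):
    """Header fields needed for overlay and authentihash work (PE32 and PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start 96 bytes in
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: 112 bytes in (8-byte stack/heap fields)
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sec_dir = dirs + SECURITY_DIR * 8
    cert_off, cert_size = struct.unpack_from("<II", data, sec_dir)
    sections = []
    table = opt + opt_size
    for i in range(num_sections):   # (SizeOfRawData, PointerToRawData) at +16
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        sections.append((raw_ptr, raw_size))
    return {"size_of_headers": struct.unpack_from("<I", data, opt + 60)[0],
            "checksum_off": opt + 64, "sec_dir_off": sec_dir,
            "cert_off": cert_off, "cert_size": cert_size, "sections": sections}


def overlay(data):
    """(offset, size) of data after the last section: the report's 'Overlays'."""
    pe = parse_pe(data)
    end = max((p + s for p, s in pe["sections"]), default=pe["size_of_headers"])
    return end, max(len(data) - end, 0)


def overlay_is_certificate_table(data):
    """True when the overlay is exactly the Authenticode certificate table.
    Anything else after the last section deserves a closer look."""
    pe = parse_pe(data)
    return overlay(data) == (pe["cert_off"], pe["cert_size"]) and pe["cert_size"] > 0


def file_hashes(data):
    """Plain content hashes, as listed under 'File identification'."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def authentihash(data, algo="sha256"):
    """Hash the image as Authenticode does: headers minus the CheckSum field and
    the certificate-table directory entry, then each section's raw data in file
    order, then trailing data minus the certificate table (which the spec
    assumes is last in the file). Re-signing or re-timestamping leaves this
    unchanged, so it identifies the code where MD5/SHA-1/SHA-256 do not."""
    pe = parse_pe(data)
    h = hashlib.new(algo)
    h.update(data[:pe["checksum_off"]])
    h.update(data[pe["checksum_off"] + 4:pe["sec_dir_off"]])
    h.update(data[pe["sec_dir_off"] + 8:pe["size_of_headers"]])
    hashed = pe["size_of_headers"]
    for raw_ptr, raw_size in sorted(pe["sections"]):
        h.update(data[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size
    extra = len(data) - hashed - pe["cert_size"]
    if extra > 0:
        h.update(data[hashed:hashed + extra])
    return h.hexdigest()


def build_sample_pe(section_payload, cert_blob):
    """Constructed input: a tiny, non-runnable PE32 with one section and an
    appended WIN_CERTIFICATE table wrapping cert_blob (not a real signature)."""
    align = 0x200
    raw = section_payload.ljust(align, b"\0")
    cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
    cert_off = align + len(raw)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, len(raw), 0, 0, 0x1000, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, align,
                       5, 1, 0, 0, 5, 1, 0, 0x2000, align, 0, 2, 0,
                       0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[SECURITY_DIR] = (cert_off, len(cert))
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sec = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(section_payload), 0x1000, len(raw), align, 0, 0, 0, 0, 0x60000020)
    return (dos + coff + opt + sec).ljust(align, b"\0") + raw + cert


if __name__ == "__main__":
    sample = build_sample_pe(b"\xcc" * 100, b"fake-pkcs7-blob")
    print("overlay:", overlay(sample), "is cert table:", overlay_is_certificate_table(sample))
    print("authentihash:", authentihash(sample))
```

Against the real file, `authentihash(open(path, "rb").read())` should match the authentihash under File identification while `file_hashes` matches MD5/SHA-1/SHA-256; if `overlay_is_certificate_table` returns False, the overlay holds more than the signature and the extra bytes should be carved and examined. Note that this computes the digest only; it does not verify the PKCS#7 signature or the certificate chain, which needs WinVerifyTrust or a tool such as osslsigncode.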
Tags
peexe signed overlay

VirusTotal metadata
First submission 2018-07-09 10:44:08 UTC ( 4 months, 1 week ago )
Last submission 2018-08-18 16:05:03 UTC ( 2 months, 3 weeks ago )
File names UltraAdwareKiller.exe
UltraAdwareKiller64.exe
Ultra Adware Killer
UltraAdwareKiller 7.5.0.exe
UltraAdware7500Killer.exe
UltraAdwareKiller_7.5.0.0.exe
UltraAdwareKiller 7.1.0-phan mem xoa quang cao.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
HTTP requests
DNS requests
TCP connections