ares.exe
Ares p2p for windows by Ares Development Group
Warning 8 antivirus scanners has detected malware in various versions of ares.exe.
Overview
There are 10 versions of ares.exe in the wild, the latest version being 3.1.7.3042. ares.exe is run as a standard windows process with the logged in user's account privileges. The process displays a GUI (graphical user interface) which allows the user to interact with it as well as displays a notification icon in the taskbar. By adding a startup entry to the run registry key, the file will be executed when the user logs into Windows. The average file size is about 1.8 MB. The programs Ares 2.2.4, Ares 2.2.5 and Ares 2.1.9 have been observed as installing specific variations of ares.exe. During the process's lifecycle, the typical CPU resource utilization is about 0.0068% including both foreground and background operations, the average private memory consumption is about 14.06 MB with the maximum memory reaching around 17.06 MB. Addionally, typically read and write I/O disk operations is about 590 Bytes per minute for reads and 402 Bytes per minute for writes.
What is ares.exe?
ares.exe is the main user interface process for the Ares p2p program.
About ares.exe (from Ares Development Group)
“Ares engages millions of peers to create one of the largest file sharing networks in existence today. Ares contains absolutely NO adware or spyware and is certified a 100% clean download. Ares is ver”
 Details
|
| File name: | ares.exe |
| Publisher: | Ares Development Group |
| Product name: | Ares p2p for windows |
| Typical file path: | C:\Program Files\ares\ares.exe |
Programs installed in
(Note, the programs listed below are for all versions of Ares p2p for windows.)
“Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc. You may now easily publish your files through the...”
Distributed by Onekit Internet S,L, this P2P program bundles additional software, most PUPs (potentially unwanted programs such as adware). It uses a 3rd-party download and install manager. From the T...
Behaviors
(Note, the behaviors below are for all versions of ares.exe, select a unique version for details.)
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'ares' → "C:\Program Files\Ares\Ares.exe" -h
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
- Firewall exception for 'C:\Program Files\Ares\Ares.exe'
Scheduled tasks
- Entry path '\{60238128-8CBA-469B-8E51-BD56B59EE593}'
Malware detections
Based on 40+ industry antivirus scanners, 8 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Baidu Antivirus |
3.5.1.41473 |
BackDoor.Win32.Kris.rio |
2.2.4.3048 |
| ByteHero |
1.0.0.1 |
Trojan.Win32.Heur.089 |
3.1.7.3042 |
| Clam AntiVirus |
0.97.3.0 |
PUA.Packed.ASPack |
2.1.2.3036 |
| Comodo Internet Security |
16713 |
Heur.Suspicious |
2.2.3.3047 |
| Comodo Internet Security |
16925 |
Heur.Suspicious |
2.2.4.3048 |
| Dr.Web |
7.0.2.04281 |
Trojan.MulDrop1.40731 |
2.1.2.3036 |
| eSafe |
7.0.17.0 |
Win32.Trojan |
2.1.2.3036 |
| Jiangmin |
16.0.100 |
Win32/Virut.bn |
2.2.4.3048 |
All file variations of ares.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
34.48% |
|
| Microsoft Windows XP |
24.14% |
|
| Windows 7 Ultimate |
17.24% |
|
| Windows 8 Enterprise |
6.90% |
|
| Windows 8 |
6.90% |
|
| Windows 7 Professional |
6.90% |
|
| Windows 8 Pro |
3.45% |
|
Distribution by country
United States installs about 31.03% of Ares p2p for windows.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Compaq |
33.33% |
|
| Toshiba |
16.67% |
|
| Hewlett-Packard |
12.50% |
|
| GIGABYTE |
8.33% |
|
| Lenovo |
8.33% |
|
| Acer |
8.33% |
|
| Gateway |
8.33% |
|
| American Megatrends |
4.17% |
|
