.tubemate.exe

The executable .tubemate.exe has been detected as malware by 24 anti-virus scanners. It is set to run automatically when any user logs into Windows, through an all-users Run registry value (under HKLM) with the name ‘windows’.
MD5:
6eb8a3ae6b05ee5b23ad94aa60473283

SHA-1:
5e1f7e663a91a012db385ff98522c6b1da244eda

SHA-256:
1716556d3a9d7f92098bcbeeabec5eb0d41c60e4f607d7f431af76a4d85b7924

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
4/29/2024 2:04:09 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-Trojan/Xema.variant | 5.0.
Avira AntiVirus | TR/Agent.agh.68096 | 7.9.0.76
Emsisoft A-Squared | Trojan.Win32.Agent!IK | 4.0.0.93
AVG | Generic3 | 2018.0.2438
Bitdefender | Trojan.Agent.AGH | 1.0.20.370
Clam AntiVirus | Trojan.Agent-8793 | 0.98/171
Comodo Security | TrojWare.Win32.Agent.AGH | 972
ESET NOD32 | Win32/Agent.AGH | 11.3839
F-Prot | W32/Trojan.ZLO | v6.4.4.4.56
F-Secure | Trojan.Win32.Agent.agh | 11.2017-15-03_4
G Data | Trojan.Agent.AGH | 17.3.19
IKARUS anti.virus | Trojan.Win32.Agent | t3scan.1.2.05.0
K7 AntiVirus | Trojan.Win32.Agent.agh | 13.7.10.624
Kaspersky | Trojan.Win32.Agent | 14.0.0.-1313
McAfee | Generic MSVC.b | 5600.6094
Microsoft Security Essentials | Trojan:Win32/Agent | 1.163.1557.0
Norman | W32/Agent.BCTE | 11.20170315
nProtect | Trojan/W32.Agent.68096.E | 2009.1.8.0
Panda Antivirus | W32/MediaTest.A.worm | 17.03.15.12
Prevx | Cloaked Malware | V2
Quick Heal | Trojan.Agent.agh | 3.17.10.00
Sophos | Troj/Prorat-DJ | 4.38
Vba32 AntiVirus | Trojan.Win32.Agent.agh | 3.12.8.12
ViRobot | Trojan.Win32.Agent.68096.B | 2009.2.9.1596

File size:
66.5 KB (68,096 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
1/9/2007 3:09:42 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1000

Entry point:
A1, 20, C1, 40, 00, C1, E0, 02, A3, 24, C1, 40, 00, 57, 51, 33, C0, BF, F0, EB, 40, 00, B9, 98, 25, 41, 00, 3B, CF, 76, 05, 2B, CF, FC, F3, AA, 59, 5F, 52, 6A, 00, E8, 1A, A7, 00, 00, 8B, D0, E8, 1B, 2A, 00, 00, 5A, E8, ED, 1B, 00, 00, E8, 14, 2A, 00, 00, 6A, 00, E8, 19, 36, 00, 00, 59, 68, E8, C0, 40, 00, 6A, 00, E8, F4, A6, 00, 00, A3, 28, C1, 40, 00, 6A, 00, E9, 70, 85, 00, 00, E9, 6F, 36, 00, 00, 33, C0, A0, 15, C1, 40, 00, C3, A1, 28, C1, 40, 00, C3, 68, AD, 0B, 00, 00, C3, B9, AC, 00, 00, 00, 0B, C9...
 

Code size:
44 KB (45,056 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
windows

Command:
C:\windows\media\system.exe

