{00001ed4-b1be-7b30}

BullGuard Ltd.

The file {00001ed4-b1be-7b30} has been detected as malware by 7 anti-virus scanners.
Publisher:
BullGuard Ltd.  (signed and verified)

MD5:
15b8671b9e13c39c831f9dc73929b8aa

SHA-1:
1215a8fbb1cd5fd4dce326c52924a2e4f4cad13d

SHA-256:
a48380f06ab1779e7c6e9ad77deeac794b7c06f72e81dd8f9512938b0aa1c2ba

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/16/2024 5:23:12 AM UTC  (today)

Scan engine                     Detection                            Engine version
G Data                          Win32.Trojan.Agent.T0WI5P            16.2.25
IKARUS anti.virus               Trojan.Win32.Trustezeb               t3scan.1.9.5.0
Kaspersky                       UDS:DangerousObject.Multi.Generic    14.0.0.662
McAfee                          Artemis!15B8671B9E13                 5600.6489
Microsoft Security Essentials   Ransom:Win32/Nymaim.F                1.1.12101.0
Panda Antivirus                 Trj/Genetic.gen                      16.02.14.04
Sophos                          Mal/Generic-S                        4.98

File size:
523.3 KB (535,848 bytes)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{00001ed4-b1be-7b30}

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/3/2013 12:17:17 PM

Valid to:
11/28/2015 10:07:14 AM

Subject:
CN=BullGuard Ltd., OU=IT, O=BullGuard Ltd., L=Heathrow, S=Middlesex, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F21A71B97B71413D7ABE170135E2B7E

File PE Metadata
Compilation timestamp:
10/31/2007 10:11:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
3.92

CTPH (ssdeep):
12288:C6S9x3keFUy1y4NTFJrmz36S9x3keFUy1y4NTFJrmH6S9x3keFUy1y4NTFJrmd0J:q35R35JS35R35JG35R35JWI

Entry address:
0x332C

Entry point:
55, 8B, EC, 83, C4, C8, BF, 5F, 0D, 00, 00, 8B, F7, BA, A7, 7E, 00, 00, 03, D0, EB, 28, 01, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 01, 00, 00, 00, 68, 34, E2, 42, 00, 68, 01, 01, 00, 00, FF, 15, C0, C0, 46, 00, 8B, C8, 68, A8, E6, 42, 00, FF, 15, F4, C0, 46, 00, A3, 00, E2, 42, 00, 33, C0, 50, 6A, 00, FF, 15, C0, C0, 46, 00, 89, 45, D0, 3D, 6C, 27, 00, 00, 0F, 85, 7F, E8, FF, FF, BE, 20, 00, 00, 00, 89, 75...
 

Entropy:
7.2650

Developed / compiled with:
Microsoft Visual C++

Code size:
20.5 KB (20,992 bytes)
