00136bfb.exe


The executable 00136bfb.exe has been detected as malware by 31 of the 68 anti-virus scanners that examined it.
Publisher:
(none listed; the file carries only a self-signed certificate, see Digital Signature below)

MD5:
19d75872f0ad5445609c03f4adb89ec5

SHA-1:
577b5635adbf8b4e03a263c14ec21750010a9473

SHA-256:
e116dd5f1034a6197a18d1b58f276952e7547369ef7426ee47176be5410bb839

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/19/2024 3:32:24 AM UTC

Scan engine             Detection                    Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.1660358     810
Agnitum Outpost         Trojan.Inject                7.1.1
AhnLab V3 Security      Backdoor/Win32.Necurs        14.11.16
Avira AntiVirus         TR/Rogue.182336.1            7.11.150.126
avast!                  Win32:Malware-gen            2014.9-141116
AVG                     MSIL3                        2015.0.3288
Baidu Antivirus         Trojan.MSIL.Injector         4.0.3.141116
Bitdefender             Trojan.GenericKD.1660358     1.0.20.1600
Comodo Security         UnclassifiedMalware          18303
Emsisoft Anti-Malware   Trojan.GenericKD.1660358     8.14.11.16.08
ESET NOD32              MSIL/Injector.DMR (variant)  8.9822
Fortinet FortiGate      W32/Inject.DMR!tr            11/16/2014
F-Secure                Trojan.GenericKD.1660358     11.2014-16-11_1
G Data                  Trojan.GenericKD.1660358     14.11.24
IKARUS anti.virus       Trojan-Signed:Agent          t3scan.1.6.1.0
K7 AntiVirus            Trojan                       13.177.12128
Kaspersky               Trojan.Win32.Inject          14.0.0.2936
Malwarebytes            Trojan.Inject                v2014.11.16.08
McAfee                  PWSZbot-FXD!19D75872F0AD     5600.6944
MicroWorld eScan        Trojan.GenericKD.1660358     15.0.0.960
Norman                  Troj_Generic.TTKFY           11.20141116
nProtect                Trojan.GenericKD.1660358     14.05.19.01
Panda Antivirus         Generic Malware              14.11.16.08
Qihoo 360 Security      Win32/Trojan.c2e             1.0.0.1015
Quick Heal              Trojan.Inject.r3             11.14.14.00
Sophos                  Troj/MSIL-RD                 4.98
Trend Micro House Call  TROJ_GEN.R0CBC0UE314         7.2.320
Trend Micro             TROJ_GEN.R0CBC0UE314         10.465.16
Vba32 AntiVirus         Trojan.Inject                3.12.26.0
VIPRE Antivirus         Trojan.Win32.Generic         29402
Zillya! Antivirus       Trojan.Inject.Win32.73191    2.0.0.1794

File size:
178.1 KB (182,336 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\00136bfb.exe

Digital Signature
Authority:
{70166A21-2F6A-4CC0-822C-607696D8F4B7}
(Subject and Issuer below are the same CN, so the certificate is self-signed: it chains to no trusted root and identifies no publisher. The signature shows only that the file was not altered after it was signed, and the GUID-style name should not be read as a vendor identity.)

Valid from:
4/19/2014 6:47:18 AM

Valid to:
4/19/2015 12:47:18 PM

Subject:
CN={70166A21-2F6A-4CC0-822C-607696D8F4B7}

Issuer:
CN={70166A21-2F6A-4CC0-822C-607696D8F4B7}

Serial number:
3F0DF1EBD88FB1B94D119CFFAC6B01C9

File PE Metadata
Compilation timestamp:
4/29/2014 5:05:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:uNLmWc7VqrMIwpPdXQyPL9kZ6nsM5VT7gBwpS5uZ24WutIXInF/G94MIn:ULsNxmyTC6nVBzFMIn

Entry address:
0x2D47E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
(The first six bytes, FF 25 00 20 40 00, are jmp dword ptr [0x00402000]: the indirect jump through the import address table that the .NET linker emits as the native entry stub, which hands control to mscoree.dll's _CorExeMain. This is consistent with the ".NET CLR dependent: Yes" field. The rest of the window shown is zero padding.)

Entropy:
6.1344

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
173.5 KB (177,664 bytes)
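As an added example (not part of this scan report and not Reason Core Security's tooling), the Python script below recovers the "File PE Metadata" fields listed above (compilation timestamp, OS version, bitness, subsystem, linker version, CLR dependency, entry address and entry bytes, code size) from a PE32 file using only the standard library, and computes the three digests and the entropy figure. It is run here against a minimal PE image constructed in memory with the report's header values; ImageBase 0x400000, an import address table at RVA 0x2000 and a UTC compilation timestamp are assumptions, since the report states none of them. Pointing parse_pe at the bytes of a real file yields that file's values.

```python
"""Added example (not part of the scan report): a stdlib-only PE32 parser that
recovers the header fields the report lists, plus the hashes and the Shannon
entropy figure, run over a minimal PE image constructed inline."""
import hashlib
import math
import struct
from datetime import datetime, timezone

IMAGE_DIRECTORY_ENTRY_IAT = 12             # import address table slot
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14  # CLR (.NET) header slot
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def build_sample_pe() -> bytes:
    """Constructed PE32 image (NOT the real sample) whose header values mirror the
    report: timestamp, linker 8.0, OS 4.0, GUI subsystem, entry RVA 0x2D47E, CLR
    directory set, SizeOfCode 177,664. ImageBase 0x400000, an IAT at RVA 0x2000 and
    a UTC timestamp are assumptions; the report does not state them."""
    image_base, text_rva, text_raw, text_size, entry_rva = 0x400000, 0x2000, 0x200, 0x2B600, 0x2D47E
    ts = int(datetime(2014, 4, 29, 17, 5, 58, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 60, 0x80)                           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, one section
    opt = struct.pack("<HBB9I6H4I2H6I",
                      0x10B, 8, 0,                                  # PE32 magic, linker 8.0
                      text_size, 0x200, 0, entry_rva, text_rva, 0x2E000,
                      image_base, 0x2000, 0x200,                    # ImageBase, section/file alignment
                      4, 0, 0, 0, 4, 0,                             # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x30000, 0x200, 0,                         # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8540,                                    # Subsystem = Windows GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_IAT] = (text_rva, 8)
    dirs[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR] = (text_rva + 8, 72)
    opt += b"".join(struct.pack("<II", va, size) for va, size in dirs)
    sect = struct.pack("<8s6I2HI", b".text", 0x2C000, text_rva, text_size, text_raw,
                       0, 0, 0, 0, 0x60000020)                      # code | execute | read
    img = bytearray(text_raw + text_size)
    img[:64] = dos
    hdr = b"PE\0\0" + coff + opt + sect
    img[0x80:0x80 + len(hdr)] = hdr
    # Section body: constructed filler in which every byte value is equally frequent.
    img[text_raw:text_raw + text_size] = bytes(range(256)) * (text_size // 256)
    entry_off = text_raw + (entry_rva - text_rva)
    img[entry_off:entry_off + 6] = b"\xFF\x25" + struct.pack("<I", image_base + text_rva)
    return bytes(img)


def parse_pe(data: bytes) -> dict:
    """Recover the report's 'File PE Metadata' fields from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 60)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    _machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    f = struct.unpack_from("<HBB9I6H4I2H6I", data, opt)
    if f[0] != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry_rva, image_base = f[6], f[9]
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(f[29])]
    sections = [struct.unpack_from("<8s6I2HI", data, opt + opt_size + 40 * i) for i in range(nsect)]

    def rva_to_offset(rva: int) -> int:
        for _name, vsize, va, rawsize, rawptr, *_ in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError(f"RVA {rva:#x} lies in no section")

    off = rva_to_offset(entry_rva)
    entry = data[off:off + 6]
    disasm, via_iat = None, False
    if entry[:2] == b"\xFF\x25":                                    # jmp dword ptr [imm32]
        target = struct.unpack_from("<I", entry, 2)[0]
        disasm = f"jmp dword ptr [0x{target:08X}]"
        iat_va, iat_size = dirs[IMAGE_DIRECTORY_ENTRY_IAT]
        via_iat = image_base + iat_va <= target < image_base + iat_va + iat_size
    clr_va = dirs[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR][0] if len(dirs) > 14 else 0
    return {
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{f[12]}.{f[13]}",
        "bitness": "Win32",
        "subsystem": SUBSYSTEMS.get(f[22], f"unknown ({f[22]})"),
        "linker_version": f"{f[1]}.{f[2]}",
        "clr_dependent": clr_va != 0,
        "entry_rva": entry_rva,
        "entry_bytes": entry.hex(" ").upper(),
        "entry_disasm": disasm,
        "jump_via_iat": via_iat,      # True for the CLR stub that jumps to _CorExeMain through the IAT
        "code_size": f[3],
    }


def file_hashes(data: bytes) -> dict:
    """The three digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); packed or encrypted payloads
    sit near the top, plain managed code well below it."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in (buf.count(v) for v in range(256)) if c)


if __name__ == "__main__":
    sample = build_sample_pe()
    report = {**parse_pe(sample), **file_hashes(sample), "entropy": round(shannon_entropy(sample), 4)}
    for key, value in report.items():
        print(f"{key:15} {value}")
```

The script rejects PE32+ (64-bit) images rather than misreading their wider optional header, and resolves the entry RVA through the section table instead of assuming a fixed file offset, which is where hand-rolled parsers usually go wrong on packed or oddly aligned samples.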

Remove 00136bfb.exe - Powered by Reason Core Security