» DevicePairing.exe
Overview
Analysis
File Details

DevicePairing.exe

Device Pairing Application

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The file DevicePairing.exe, “Device Pairing Application” has been detected as malware by 14 anti-virus scanners.

File name:

DevicePairing.exe

Publisher:

Microsoft Corporation* (Invalid match)

Product:

Microsoft® Windows® Operating System

Description:

Device Pairing Application

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

MD5:

6234617a6729214ec9eabfb2220fc579

SHA-1:

edffa5677595ade864e7cb9be535950fdd04364c

SHA-256:

52701f4f7d5f0f475fb47b08c25857f7260a5e4229e4b26160d6a848edea6d92

Scanner detections:

14 / 68

Status:

Malware

Analysis date:

4/26/2024 10:49:35 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2727703

435

Avira AntiVirus

TR/AD.VawtrakDropper.Y.150

8.3.2.2

Arcabit

Trojan.Generic.D299F17

1.0.0.527

avast!

Win32:Malware-gen

2014.9-151126

Bitdefender

Trojan.GenericKD.2727703

1.0.20.1650

Bkav FE

HW32.Packed

1.3.0.7133

Emsisoft Anti-Malware

Trojan.GenericKD.2727703

8.15.11.26.07

ESET NOD32

Win32/Kryptik.DWZQ (variant)

9.12258

K7 AntiVirus

Trojan

13.210.17225

Kaspersky

Backdoor.Win32.Papras

14.0.0.1061

McAfee

Artemis!6234617A6729

5600.6569

MicroWorld eScan

Trojan.GenericKD.2727703

16.0.0.990

Qihoo 360 Security

HEUR/QVM40.1.Malware.Gen

1.0.0.1015

Sophos

Mal/Generic-S

4.98

File size:

384 KB (393,216 bytes)

Product version:

6.1.7600.16385

Original file name:

DevicePairing.exe

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\~00171d9e.tmp

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:z5BNj08wy1JUz8b7SYdMUi2xo09roNafOmMqRQErGLjYb1Y56:zVjHwy1JUAb7VdBn9oN+OfnEr3a5

Entry address:

0x10AA

Entry point:

E9, CE, 07, 00, 00, E9, A3, 11, 00, 00, E9, D5, 17, 00, 00, E9, 81, 06, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC... 
[+]

Entropy:

7.2111

Packer / compiler:

Xtreme-Protector v1.05

Code size:

36 KB (36,864 bytes)

Remove DevicePairing.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.