home

01422508641164.exe

Hydro Solution

Samsung Electronics Co., Ltd.

The application 01422508641164.exe by Samsung Electronics Co. has been detected as a potentially unwanted program by 23 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘YkmPack’.
Publisher:
Hydro Solution ® 2015  (signed by Samsung Electronics Co., Ltd.)

Product:
Hydro Solution

Version:
3.06.0004

MD5:
a3db52fc70622c2ca0c3902e94006cfb

SHA-1:
124310f89f9fc2ef94f48c91755a50f495fd7d97

SHA-256:
bcb4f077cf8802714e27cc74970757dae29f848ce2ae41997ffd9cb40c1058e2

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:09:22 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.124747
187

Avira AntiVirus
TR/Boaxxe.A.393
7.11.207.154

avast!
Win32:Malware-gen
2014.9-160801

AVG
Inject2
2017.0.2665

Baidu Antivirus
Trojan.Win32.Muref
4.0.3.1681

Bitdefender
Gen:Variant.Zusy.124747
1.0.20.1070

Emsisoft Anti-Malware
Gen:Variant.Zusy.124747
8.16.08.01.02

ESET NOD32
Win32/Injector.BTUC (variant)
10.11130

Fortinet FortiGate
W32/Muref.BY!tr
8/1/2016

F-Secure
Gen:Variant.Zusy.124747
11.2016-01-08_2

G Data
Gen:Variant.Zusy.124747
16.8.25

IKARUS anti.virus
Trojan.Win32.Injector
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.193.14880

Kaspersky
Trojan.Win32.Muref
14.0.0.-180

McAfee
RDN/Generic.dx!d2t
5600.6321

Microsoft Security Essentials
Trojan:Win32/Miuref.F
1.1.11302.0

MicroWorld eScan
Gen:Variant.Zusy.124747
17.0.0.642

Panda Antivirus
Trj/CI.A
16.08.01.02

Qihoo 360 Security
Win32/Trojan.BO.c6d
1.0.0.1015

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R021C0DB315
7.2.214

Trend Micro
TROJ_GEN.R021C0DB315
10.465.01

VIPRE Antivirus
Trojan.Win32.Generic
37290

File size:
241.9 KB (247,712 bytes)

Product version:
3.06.0004

Copyright:
Hydro Solution

Trademarks:
Hydro Solution

Original file name:
Hydro Solution.exe

File type:
Executable application (Win32 EXE)

Language:
Taiwanese

Common path:
C:\users\{user}\appdata\local\ykmpack\01422508641164.exe

Digital Signature
Signed by:
Samsung Electronics Co., Ltd.

Authority:
GlobalSign nv-sa

Valid from:
10/9/2012 6:25:07 AM

Valid to:
10/10/2015 6:25:07 AM

Subject:
CN="Samsung Electronics Co., Ltd.", O="Samsung Electronics Co., Ltd.", L=Hwasung-City, S=Gyeonggi-Do / Korea, C=KR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D54C6060D0ACF70C52CEAC844116F169

File PE Metadata
Compilation timestamp:
11/21/2014 5:55:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:0gIOHiAIKpg3L8mwfVUxyVLeUAoUTe5ioeLw:F1jfpTaWULw

Entry address:
0x12F0

Entry point:
68, 08, 63, 42, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, F4, 0F, A2, FE, 5B, 51, 2D, 44, 86, 54, C6, 54, 45, 65, AB, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4B, 69, 6E, 64, 65, 72, 66, FC, 72, 73, 6F, 72, 67, 65, 72, 6E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0F, B8, 77, BD, C8, E7, CE, 0B, 4C, B3, DC, BF, EF, D8, EF, E4, F7, C3, 67, D1, 60, BF, 01, 95, 40, 9C, 51, 43, 6E, A7, 42, A7, 1A, 3A, 4F, AD...
 
[+]

Entropy:
5.1092

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
212 KB (217,088 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
YkmPack

Command:
C:\users\{user}\appdata\local\ykmpack\01422508641164.exe


Remove 01422508641164.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.