{02dfa1aa-ff59-4125-ab73-4a484d998e12}

Cards

Mason Inc.

The file {02dfa1aa-ff59-4125-ab73-4a484d998e12} has been detected as malware by 34 anti-virus scanners. It is a trojan bot that uses IRC to communicate with a command-and-control network. The trojan drops other malicious software, opens a backdoor on the infected computer, and runs automatically on each boot.
Publisher:
Mason Inc.

Product:
Cards

Version:
1.00

MD5:
e09a8c3b8c3723086e4f13f9913375e3

SHA-1:
32f425ebe1d062e381457de73953bb67dc71ff32

SHA-256:
04810f1e7f6933b2cea03736f067b1db5b1f1805bed7671111c44e5ca7114f54

Scanner detections:
34 / 68

Status:
Malware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
4/19/2024 11:50:16 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1614427 | 856 |
| Agnitum Outpost | Trojan.Injector | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.148.126 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-141002 |
| AVG | Inject2 | 2015.0.3334 |
| Baidu Antivirus | Trojan.Win32.Xtrat | 4.0.3.14102 |
| Bitdefender | Trojan.GenericKD.1614427 | 1.0.20.1375 |
| Comodo Security | UnclassifiedMalware | 18240 |
| Dr.Web | Trojan.VbCrypt.250 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1614427 | 8.14.10.02.03 |
| ESET NOD32 | Win32/AutoRun.IRCBot.HR | 8.9775 |
| Fortinet FortiGate | W32/VBKrypt.C!tr | 10/2/2014 |
| F-Secure | Trojan.GenericKD.1614427 | 11.2014-02-10_5 |
| G Data | Trojan.GenericKD.1614427 | 14.10.24 |
| IKARUS anti.virus | Trojan.Inject2 | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.177.12026 |
| Kaspersky | Trojan.Win32.Xtrat | 14.0.0.3164 |
| Malwarebytes | Backdoor.Xtrat | v2014.10.02.03 |
| McAfee | RDN/Sdbot.worm!by | 5600.6990 |
| Microsoft Security Essentials | Worm:Win32/IRCbot.I | 1.10502 |
| MicroWorld eScan | Trojan.GenericKD.1614427 | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.Xtrat.cvvxag | 0.28.0.59608 |
| Norman | VBInject.YR | 11.20141002 |
| nProtect | Trojan.GenericKD.1614427 | 14.05.08.01 |
| Panda Antivirus | Trj/CI.A | 14.10.02.03 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Quick Heal | Worm.IRCbot.r3 | 10.14.14.00 |
| Rising Antivirus | PE:Trojan.VBInject!1.64FE | 23.00.65.14930 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0DCO14 | 7.2.275 |
| Trend Micro | TROJ_GEN.R0CBC0DCO14 | 10.465.02 |
| Vba32 AntiVirus | Trojan.Xtrat | 3.12.26.0 |
| VIPRE Antivirus | Virtool.Win32.VBInject.gen | 29012 |
| XVirus List | Win32.Detected | 2.10.2 |

File size:
217.5 KB (222,731 bytes)

Product version:
1.00

Original file name:
Cards2.exe

File PE Metadata
Compilation timestamp:
3/19/2014 11:04:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:GfBkJgAf0fL0fTfqdfaAfWdxiyGc8B3z88e0CvWS0ZLi2rfypbrMMnoqbw+ZLQRn:GlAMD0bSdyAujir88e0LLi2resE9Owy

Entry address:
0x1E78

Entry point:
68, FC, 29, 40, 00, E8, F0, FF, FF, FF, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 39, 6C, A8, 9B, 15, 83, 86, 44, B1, 04, AE, D5, B8, E1, 00, FC, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 43, 61, 72, 64, 73, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 0D, 00, 00, 00, AE, B8, 8C, DA, F6, 51, EC, 46, AB, 42, CC, 42, DD, 26, 68, 54, 01, 00, 00, 00, 90, 00, 00, 00, A0, 00, 00, 00, 01, 00, 00, 00...
 
Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
176 KB (180,224 bytes)
