{08370bd7-8143-43b5-a230-fe96ff1faa5b}

Ifabyhacijiby

The file {08370bd7-8143-43b5-a230-fe96ff1faa5b} has been detected as malware by 31 anti-virus scanners.
Publisher:
Ifabyhacijiby  (signed and verified)

MD5:
5d794de4389c40ff08a66c0e6cf2163d

SHA-1:
da73b7d56ed2f2d7347057d4f11a6bbafaa70e5c

SHA-256:
67d6aedacfc51da63b05b4ce8fa3ca6bbe85c7866f99e5badf2d91a688693170

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/24/2024 3:56:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Rootkit.Necurs.AA | 856 |
| Agnitum Outpost | Trojan.DL.Necurs | 7.1.1 |
| AhnLab V3 Security | Backdoor/Win64.Necurs | 2014.07.01 |
| Avira AntiVirus | TR/Rootkit.Gen | 7.11.157.186 |
| avast! | Win64:Necurs-C [Rtk] | 2014.9-141002 |
| AVG | Hider | 2015.0.3334 |
| Baidu Antivirus | Trojan.Win64.Necurs | 4.0.3.14102 |
| Bitdefender | Rootkit.Necurs.AA | 1.0.20.1375 |
| Comodo Security | UnclassifiedMalware | 18716 |
| Dr.Web | Trojan.NtRootKit.16969 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Rootkit.Necurs.AA | 8.14.10.02.03 |
| ESET NOD32 | Win64/TrojanDownloader.Necurs | 8.10021 |
| F-Secure | Rootkit.Necurs.AA | 11.2014-02-10_5 |
| G Data | Rootkit.Necurs.AA | 14.10.24 |
| IKARUS anti.virus | Trojan.Win64 | t3scan.1.6.1.0 |
| Kaspersky | Rootkit.Win64.Agent | 14.0.0.3164 |
| Malwarebytes | Rootkit.Necurs.GO | v2014.10.02.03 |
| McAfee | RDN/Downloader.a!pk | 5600.6990 |
| Microsoft Security Essentials | Trojan:Win64/Necurs.A | 1.10701 |
| MicroWorld eScan | Rootkit.Necurs.AA | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win64.NtRootKit.cuqqkm | 0.28.0.60475 |
| Norman | Suspicious_Gen4.FVYFF | 11.20141002 |
| Panda Antivirus | Trj/Necurs.A | 14.10.02.03 |
| Qihoo 360 Security | Win32/Trojan.Downloader.690 | 1.0.0.1015 |
| Quick Heal | Trojan.Comitproc.A | 10.14.14.00 |
| Sophos | Troj/Necurs-BD | 4.98 |
| Trend Micro House Call | RTKT64_NECURS.SM | 7.2.275 |
| Trend Micro | RTKT64_NECURS.BG | 10.465.02 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30810 |
| ViRobot | Trojan.Win64.A.RT-Agent.78792 | 2011.4.7.4223 |
| XVirus List | Win64.Detected | 2.10.2 |

File size:
76.9 KB (78,792 bytes)

Digital Signature
Signed by:

Authority:
Ifabyhacijiby

Valid from:
2/25/2014 11:05:19 PM

Valid to:
1/1/2040 5:59:59 AM

Subject:
CN=Ifabyhacijiby

Issuer:
CN=Ifabyhacijiby

Serial number:
E5882A8AA40FE3AD4E76F9390BFA0367

File PE Metadata
Compilation timestamp:
2/25/2014 11:05:18 PM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
1536:jpmGvD5BtyGCFkHHrIlu5Jw8NaHr2CHL7OW:Vvd6lkHHEI5Jw9LR+W

Entry address:
0x13064

Entry point:
48, 83, EC, 28, 4C, 8B, C2, 4C, 8B, C9, E8, 95, FF, FF, FF, 49, 8B, D0, 49, 8B, C9, 48, 83, C4, 28, E9, AA, 2F, FF, FF, CC, CC, D0, 30, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4E, 32, 01, 00, 10, 70, 00, 00, C0, 30, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 78, 32, 01, 00, 00, 70, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5C, 32, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 66, 31, 01, 00, 00, 00, 00, 00, 7E, 31, 01, 00, 00, 00, 00, 00, 98, 31, 01, 00...
 

Code size:
23 KB (23,552 bytes)
