0aa93035f26b4d4292fbfc972ce86264

Stub

The file 0aa93035f26b4d4292fbfc972ce86264 has been detected as a potentially unwanted program by 26 anti-malware scanners. According to the detections, it has been classified as a keylogger, which is capable of recording a user's keystrokes.
Product:
Stub

Version:
1.0.0.0

MD5:
0aa93035f26b4d4292fbfc972ce86264

SHA-1:
5db8a5285b59612d2013e47b52b778342f6dfa42

SHA-256:
da4f8f6ad61cbcd12f2cb06887c512256ea9cc1936d477bc7dc5ff6028ff53a2

Scanner detections:
26 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 4:37:44 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Heur.MSIL.Krypt.5 | 804
Avira AntiVirus | TR/Hijacker.A.31 | 7.11.187.70
avast! | Win32:Malware-gen | 2014.9-141123
AVG | MSIL5 | 2015.0.3282
Baidu Antivirus | Hacktool.Win32.NetPass | 4.0.3.141123
Bitdefender | Gen:Heur.MSIL.Krypt.5 | 1.0.20.1635
Dr.Web | Trojan.PWS.Stealer.13336 | 9.0.1.0327
Emsisoft Anti-Malware | Gen:Heur.MSIL.Krypt | 8.14.11.23.09
ESET NOD32 | MSIL/Autorun.Spy.Agent.AU (variant) | 8.10748
Fortinet FortiGate | MSIL/Injector.PE!tr | 11/23/2014
F-Secure | Gen:Heur.MSIL.Krypt.5 | 11.2014-23-11_1
G Data | Gen:Heur.MSIL.Krypt | 14.11.24
IKARUS anti.virus | HackTool.Win32.MSNPass | t3scan.1.8.3.0
Kaspersky | not-a-virus:HEUR:Monitor.MSIL.KeyLogger | 14.0.0.2903
Malwarebytes | Trojan.Passwords | v2014.11.23.09
McAfee | Artemis!0AA93035F26B | 5600.6938
Microsoft Security Essentials | TrojanSpy:MSIL/Golroted.A | 1.11202
MicroWorld eScan | Gen:Heur.MSIL.Krypt.5 | 15.0.0.981
NANO AntiVirus | Trojan.Win32.Inject.didvzl | 0.28.6.63474
Norman | Kryptik.STUB | 11.20141123
Qihoo 360 Security | Win32/Trojan.895 | 1.0.0.1015
Rising Antivirus | PE:Trojan.MSIL.KeyLogger!1.647D | 23.00.65.141121
Sophos | Mal/MsilKlog-D | 4.98
Trend Micro House Call | TROJ_GEN.R047C0DKJ14 | 7.2.327
Trend Micro | TROJ_GEN.R047C0DKJ14 | 10.465.23
Vba32 AntiVirus | Trojan.MSIL.Inject | 3.12.26.3

File size:
540.5 KB (553,472 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Stub.exe

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\91\0aa93035f26b4d4292fbfc972ce86264

File PE Metadata
Compilation timestamp:
11/17/2014 2:51:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:Zu2GiFbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9JIJ:jQtqB5urTIoYWBQk1E+VF9mOx9Ju

Entry address:
0x85B8E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.5060

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
527 KB (539,648 bytes)
