{0c90965d-c2d4-4f81-9da4-3d061a29f021}

Microsoft Windows 2000 Operating System

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: the file is designed to look like a legitimate Microsoft system file. The file {0c90965d-c2d4-4f81-9da4-3d061a29f021}, “IP/ATM Arp Client”, has been detected as malware by 30 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft(R) Windows (R) 2000 Operating System

Description:
IP/ATM Arp Client

Version:
1.00

MD5:
1eae046083c00854a61a845b799e72c6

SHA-1:
562d79f5806e98f4c63c6d334c6cac5853855984

SHA-256:
e3028d7976cb39ab70e2a8d41aeefb64b52b6ecd37b2cf18715a31237d4eafed

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/20/2024 3:07:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.7095193 | 856 |
| Avira AntiVirus | TR/Offend.7095193 | 7.11.160.46 |
| avast! | Win32:Turla-O [Rtk] | 2014.9-141002 |
| AVG | BackDoor.Generic15 | 2015.0.3334 |
| Baidu Antivirus | Trojan.Win32.Rootkit | 4.0.3.14102 |
| Bitdefender | Trojan.Generic.7095193 | 1.0.20.1375 |
| Bkav FE | W32.Clodc50.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 18839 |
| Dr.Web | Trojan.NtRootKit.12833 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Trojan.Generic.7095193 | 8.14.10.02.03 |
| ESET NOD32 | Win32/Agent.TCP (variant) | 8.10079 |
| Fortinet FortiGate | W32/Agent.BIYA!tr.rkit | 10/2/2014 |
| F-Secure | Trojan.Generic.7095193 | 11.2014-02-10_5 |
| G Data | Trojan.Generic.7095193 | 14.10.24 |
| IKARUS anti.virus | Rootkit.Win32.Agent | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12683 |
| Kaspersky | Rootkit.Win32.Agent | 14.0.0.3164 |
| McAfee | HideMost!sys | 5600.6990 |
| MicroWorld eScan | Trojan.Generic.7095193 | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.Agent2.oxpwp | 0.28.0.60698 |
| Norman | Suspicious_Gen4.IKEA | 11.20141002 |
| nProtect | Trojan.Generic.7095193 | 14.07.09.03 |
| Panda Antivirus | Generic Rootkit | 14.10.02.03 |
| Qihoo 360 Security | Win32/Trojan.712 | 1.0.0.1015 |
| Sophos | Troj/Turla-F | 4.98 |
| Trend Micro | RTKT_HIDEMOS.YAK | 10.465.02 |
| Vba32 AntiVirus | Rootkit.Turla | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31174 |
| XVirus List | Win32.Detected | 2.10.2 |
| Zillya! Antivirus | Rootkit.Agent.Win32.12033 | 2.0.0.1855 |

File size:
398.6 KB (408,192 bytes)

Product version:
1.01

Copyright:
Copyright (c) Microsoft Corp.1981-2001

Original file name:
atmarpd.sys

File PE Metadata
Compilation timestamp:
10/30/2009 5:06:42 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.10

CTPH (ssdeep):
6144:pkAhLzRV2jrhkJ8OlwoW0mAfd7qjKQeoz9fGN6zl9HaS9qP1X8Ni+GZe1f/:3z3qrGblRQeozVGN6zF21QBGM1f

Entry address:
0x60C90

Entry point:
56, 57, E8, 54, 16, FB, FF, BE, 00, 00, 00, C0, 8B, F8, 23, C6, 3B, C6, 74, 15, FF, 74, 24, 10, FF, 74, 24, 10, E8, 4B, FD, FF, FF, 8B, F8, 23, C6, 3B, C6, 75, 05, E8, 91, 15, FB, FF, 8B, C7, 5F, 5E, C2, 08, 00, CC, 23, 23, 43, 44, 20, 25, 53, 21, 0A, 00, 00, 00, 23, 23, 43, 44, 20, 25, 53, 20, 28, 30, 78, 25, 30, 38, 78, 29, 21, 0A, 00, 00, 5C, 00, 42, 00, 61, 00, 73, 00, 65, 00, 4E, 00, 61, 00, 6D, 00, 65, 00, 64, 00, 4F, 00, 62, 00, 6A, 00, 65, 00, 63, 00, 74, 00, 73, 00, 5C, 00, 66, 00, 30, 00, 66, 00...
 

Code size:
82.1 KB (84,096 bytes)
