1491944748.whaat.exe

tr

Any-Video-Converter.com

The executable 1491944748.whaat.exe has been detected as malware by 33 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from directxex.com.
Publisher:
Any-Video-Converter.com

Product:
tr

Description:
Scuffler nonsa

Version:
1.27.0009

MD5:
2e01d0e03a0851680dc0d4ce9fb62a79

SHA-1:
b84af4b7e9796d6d82d4fbb76b1e77cb165f1c77

SHA-256:
23debd065329c2fc62b5a94d9d86521beee84f1d830a7fd709963e435c9b5167

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/19/2024 11:43:04 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1585265 | 1055 |
| Agnitum Outpost | Backdoor.Androm | 7.1.1 |
| AhnLab V3 Security | Spyware/Win32.Zbot | 2014.03.12 |
| Avira AntiVirus | TR/Dropper.VB.12195 | 7.11.136.98 |
| avast! | Win32:Malware-gen | 2014.9-140316 |
| AVG | BackDoor.Generic18 | 2015.0.3533 |
| Baidu Antivirus | Backdoor.Win32.Androm | 4.0.3.14316 |
| Bitdefender | Trojan.GenericKD.1585265 | 1.0.20.375 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 17915 |
| Dr.Web | Trojan.Siggen4.20010 | 9.0.1.075 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1585265 | 8.14.03.16.04 |
| ESET NOD32 | Win32/Injector.AYZJ (variant) | 8.9530 |
| Fortinet FortiGate | W32/Boaxxe.BVB!tr | 3/16/2014 |
| F-Secure | Trojan.GenericKD.1585265 | 11.2014-16-03_1 |
| G Data | Trojan.GenericKD.1585265 | 14.3.24 |
| IKARUS anti.virus | Backdoor.Win32.Androm | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.176.11408 |
| Kaspersky | Backdoor.Win32.Androm | 14.0.0.4162 |
| Malwarebytes | Backdoor.Bot | v2014.03.16.04 |
| McAfee | PWSZbot-FLW!2E01D0E03A08 | 5600.7189 |
| Microsoft Security Essentials | Worm:Win32/Gamarue.I | 1.10302 |
| MicroWorld eScan | Trojan.GenericKD.1585265 | 15.0.0.225 |
| Norman | Suspicious_Gen5.AMNEM | 11.20140316 |
| nProtect | Trojan.GenericKD.1585265 | 14.03.11.02 |
| Panda Antivirus | Generic Malware | 14.03.16.04 |
| Qihoo 360 Security | Win32/Trojan.07f | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14314 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0DC314 | 7.2.75 |
| Trend Micro | TROJ_GEN.R0CBC0DC314 | 10.465.16 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27288 |
| XVirus List | Win.Detected | 2.3.31 |

File size:
448 KB (458,752 bytes)

Product version:
1.27.0009

Copyright:
Geomagne glossoce chengal 2001

Original file name:
Importun.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\1491944748.whaat.exe

File PE Metadata
Compilation timestamp:
2/25/2014 10:09:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:QtDp2gUkdGcfyZ2Rq/Mg7Ps6tEvUxIW/i1IY79++FUrBLPbHp7g01yKD+0L1ijFE:QtDp2qGwgThrxQLo+6lLP9k01dfwWx

Entry address:
0x12D8

Entry point:
68, EC, 14, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 3A, A6, 67, CB, D5, FF, F5, 48, 84, 5F, 9A, 8A, 25, F4, 6F, F4, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 41, 64, 72, 65, 6E, 61, 6C, 65, 63, 74, 6F, 6D, 69, 7A, 65, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, 9A, 72, 04, E4, E7, 6D, 13, 46, B7, 2A, F1, 55, 5A, A2, 7B, 28, 1F, 39, 8E, 34, E2, 05, A7, 4D, BC, 47, 19, 1F, 60, 93, 7B, A5, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
7.8129

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
436 KB (446,464 bytes)

The file 1491944748.whaat.exe has been seen being distributed by the following URL.
