{1566f91a-5ca2-7c33-bb87-aff6a7cdea4e}.exe

The executable {1566f91a-5ca2-7c33-bb87-aff6a7cdea4e}.exe has been detected as malware by 17 anti-virus scanners.
MD5:
913d7fab041a51dcc6629da625f6350e

SHA-1:
d6af2e4e6e803c6017b7e67f0892a73b15106edd

SHA-256:
8b39ce9721c54ef5062c4675b72af8abe947531106932592d710ee77a68bacaa

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
4/19/2024 12:20:21 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.402051 | 922 |
| Avira AntiVirus | TR/Crypt.ZPACK.89678 | 7.11.158.148 |
| avast! | Win32:Trojan-gen | 2014.9-140727 |
| AVG | Crypt_s | 2015.0.3400 |
| Baidu Antivirus | Trojan.Win32.Kovter | 4.0.3.14727 |
| Bitdefender | Gen:Variant.Kazy.402051 | 1.0.20.1040 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.402051 | 8.14.07.27.09 |
| ESET NOD32 | Win32/Kovter | 8.10048 |
| F-Secure | Gen:Variant.Kazy.402051 | 11.2014-27-07_1 |
| G Data | Gen:Variant.Kazy.402051 | 14.7.24 |
| Kaspersky | Trojan.Win32.Yakes | 14.0.0.3496 |
| McAfee | Artemis!913D7FAB041A | 5600.7056 |
| MicroWorld eScan | Gen:Variant.Kazy.402051 | 15.0.0.624 |
| NANO AntiVirus | Trojan.Win32.Yakes.dbwymw | 0.28.0.60577 |
| Panda Antivirus | Trj/CI.A | 14.07.27.09 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 30978 |

File size:
245.1 KB (250,933 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\microsoft\{1566f91a-5ca2-7c33-bb87-aff6a7cdea4e}\{1566f91a-5ca2-7c33-bb87-aff6a7cdea4e}.exe

File PE Metadata
Compilation timestamp:
6/17/2014 9:53:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.135

CTPH (ssdeep):
6144:wgnpzhiU0EDoU+5efkq8wfzF66Y52GhjtY:3zP0goLk58sFI52GhjS

Entry address:
0x23FF

Entry point:
55, 54, 5D, E8, 4A, 00, 00, 00, 51, B4, 50, 2B, D0, 2B, C1, 42, 01, 35, AD, BE, 43, 00, 8D, 04, 81, 4F, 58, 6B, F2, 63, E8, FD, FD, FF, FF, 47, 50, E8, A3, FD, FF, FF, 58, 01, 35, 96, E4, 42, 00, 33, C9, 42, 8B, 15, CF, 39, 42, 00, 05, 3C, 0B, 00, 00, 5F, 46, 5E, 5B, 5A, 5D, 59, 40, 51, FF, 34, 24, 48, 50, 8B, 6C, 24, 0C, C3, 55, 41, 52, 03, C6, 53, 56, 57, 29, 0D, 29, 58, 43, 00, 8B, 44, 24, 14, 8D, 58, 13, 50, 2B, EF, 2B, D8, E8, B4, 01, 00, 00, 50, 03, DF, E8, 20, 00, 00, 00, 01, 2D, D7, CB, 42, 00, 8D...
 

Entropy:
5.8007

Code size:
6 KB (6,144 bytes)

Policies Explorer Run
Name:
{1566f91a-5ca2-7c33-bb87-aff6a7cdea4e}

