16fc0742-778a-dbf1-32b5-f0c03a9a1623.exe

The application 16fc0742-778a-dbf1-32b5-f0c03a9a1623.exe has been detected as a potentially unwanted program by 20 anti-malware scanners.
MD5:
1adc3483f0ee81cc6a7a82195183ef4a

SHA-1:
4c49f526e317570dfc1b41e0c004d91fe34d9734

SHA-256:
145a1ac541ef5f663b2f11a90c5df8e10ae59198850c8ed0c5f1a17d8feb9f79

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 10:43:41 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Zusy.132667 | 678 |
| Avira AntiVirus | Adware/AddLyrics.475648.26 | 7.11.218.126 |
| AVG | AddLyrics_r | 2016.0.3156 |
| Baidu Antivirus | Adware.Win32.AddLyrics | 4.0.3.15328 |
| Bitdefender | Gen:Variant.Adware.Zusy.132667 | 1.0.20.435 |
| Dr.Web | Trojan.Revizer.517 | 9.0.1.087 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Zusy.132667 | 8.15.03.28.07 |
| ESET NOD32 | Win32/Adware.AddLyrics.DY (variant) | 9.11344 |
| Fortinet FortiGate | Riskware/AddLyrics | 3/28/2015 |
| F-Secure | Gen:Variant.Adware.Zusy | 11.2015-28-03_7 |
| G Data | Gen:Variant.Adware.Zusy.132667 | 15.3.25 |
| McAfee | Artemis!1ADC3483F0EE | 5600.6812 |
| MicroWorld eScan | Gen:Variant.Adware.Zusy.132667 | 16.0.0.261 |
| NANO AntiVirus | Riskware.Win32.AddLyrics.dpbeol | 0.30.8.659 |
| Qihoo 360 Security | Win32/Virus.Adware.ea1 | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.28.19 |
| Rising Antivirus | PE:Malware.Obscure/Heur!1.9E03 | 23.00.65.15326 |
| SUPERAntiSpyware | Adware.AddLyrics/Variant | 9969 |
| Trend Micro House Call | TROJ_GEN.R0C1H09CG15 | 7.2.87 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38564 |

File size:
464.5 KB (475,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\16fc0742-778a-dbf1-32b5-f0c03a9a1623.exe

File PE Metadata
Compilation timestamp:
3/16/2015 10:08:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:uwCvD8vFXjoMDMs8LRi3hMQPVlBqXDvafW/fsqkwgUXQ8aW:uBovFXjoMDMTY36QXBqGfW/qi4W

Entry address:
0x2A188

Entry point:
E8, 1D, CA, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 45, CB, 00, 00, 83, C4, 10, 5D, C3, 55, 8B, EC, 8D, 45, 10, 50, 6A, 00, FF, 75, 0C, FF, 75, 08, E8, 67, CB, 00, 00, 83, C4, 10, 5D, C3, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 4D, CB, 00, 00, 83, C4, 10, 5D, C3, 55, 8B, EC, 8D, 45, 14, 50, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 51, CB, 00, 00, 83, C4, 10, 5D, C3, 6A, 0C, 68, F0, 23, 46, 00, E8, EB, 26, 00, 00, 33, C0, 8B...
 
Entropy:
6.4765

Code size:
330.5 KB (338,432 bytes)
