{218bc8d5-f755-460f-974e-95885ace93e9}

The file {218bc8d5-f755-460f-974e-95885ace93e9} has been detected as malware by 23 anti-virus scanners. According to the detections, it has been classified as a keylogger, which is capable of recording a user's keystrokes.
Version:
0.0.0.0

MD5:
c403ff4a2a5dbb152273bbc803b92700

SHA-1:
de3f24e3e68e91a7d1b2fe9730109b32969dac34

SHA-256:
83104a63197c15082ca0a3d2c28c7a0833088071baedaa003085edfdf8961dd0

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
5/10/2024 5:09:45 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1751615 | 856 |
| Avira AntiVirus | TR/Dropper.MSIL.Gen | 7.11.160.234 |
| avast! | MSIL:GenMalicious-AN [Trj] | 2014.9-141002 |
| Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.14102 |
| Bitdefender | Trojan.GenericKD.1751615 | 1.0.20.1375 |
| Comodo Security | UnclassifiedMalware | 18864 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1751615 | 8.14.10.02.03 |
| ESET NOD32 | MSIL/Injector.CBR (variant) | 8.10101 |
| Fortinet FortiGate | MSIL/Injector.CBR!tr | 10/2/2014 |
| F-Secure | Trojan.GenericKD.1751615 | 11.2014-02-10_5 |
| G Data | Trojan.GenericKD.1751615 | 14.10.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12733 |
| Kaspersky | Trojan-Spy.MSIL.KeyLogger | 14.0.0.3164 |
| McAfee | Artemis!C403FF4A2A5D | 5600.6990 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.10802 |
| MicroWorld eScan | Trojan.GenericKD.1751615 | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.CBR.dcdnwq | 0.28.2.60881 |
| Panda Antivirus | Trj/CI.A | 14.10.02.03 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0710 | 7.2.275 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31306 |

File size:
672 KB (688,128 bytes)

Product version:
0.0.0.0

Original file name:
AccountsTankiOnlineGenerallisimo.exe

File PE Metadata
Compilation timestamp:
7/10/2014 6:41:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:yVnPPmO4bT7B6e/wLkTbl/T1kJEMyVH1Xgwj8J12JXlsD1424tCJUsAXnT4Nte1M:yROxX0rAB/T1k7yweCBevxGgtpciTX

Entry address:
0x3F9FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
247 KB (252,928 bytes)
