234923.exe

http:\\Setaward.cz

Postbox, Inc.

The executable 234923.exe has been detected as malware by 30 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘Oggics’.
Publisher:
Postbox, Inc.  (signed and verified)

Product:
http:\\Setaward.cz

Version:
7.01.0005

MD5:
3020bb43b1acbcaefe65a81237a3751d

SHA-1:
367c60ff78ddce6d979d8f6e77c8a021b8c96abd

SHA-256:
1dc850cda389d65fae908005e9d7e33e21ad2d9e3971ca6997049fa1371ae467

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
7/7/2025 1:10:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.15769679 | 20 |
| AegisLab AV Signature | Troj.W32.Inject!c | 2.1.4+ |
| Agnitum Outpost | Trojan.Inject | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.VBNA | 2016.02.11 |
| Avira AntiVirus | TR/Dropper.VB.47337 | 8.3.3.2 |
| Arcabit | Trojan.Generic.DF0A04F | 1.0.0.653 |
| avast! | Win32:Malware-gen | 2014.9-170115 |
| AVG | Inject3 | 2018.0.2498 |
| Bitdefender | Trojan.Generic.15769679 | 1.0.20.75 |
| Comodo Security | UnclassifiedMalware | 24164 |
| Dr.Web | Trojan.Boaxxe.484 | 9.0.1.015 |
| Emsisoft Anti-Malware | Trojan.Generic.15769679 | 8.17.01.15.08 |
| ESET NOD32 | Win32/Injector.CQVS (variant) | 11.13012 |
| Fortinet FortiGate | W32/Inject.VTIF!tr | 1/15/2017 |
| F-Secure | Trojan.Generic.15769679 | 11.2017-15-01_1 |
| G Data | Trojan.Generic.15769679 | 17.1.25 |
| IKARUS anti.virus | Trojan.Win32.Injector | t3scan.2.0.6.0 |
| K7 AntiVirus | Trojan | 13.213.18713 |
| Kaspersky | Trojan.Win32.Inject | 14.0.0.-1017 |
| Malwarebytes | Trojan.Kovter | v2017.01.15.08 |
| McAfee | RDN/Generic.dx | 5600.6154 |
| Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.1.12400.0 |
| MicroWorld eScan | Trojan.Generic.15769679 | 18.0.0.45 |
| NANO AntiVirus | Trojan.Win32.CQVS.dzwtrm | 1.0.14.6071 |
| nProtect | Trojan.GenericKD.3012473 | 16.02.05.01 |
| Panda Antivirus | Trj/GdSda.A | 17.01.15.08 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R03EC0DAR16 | 10.465.15 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47128 |

File size:
180.8 KB (185,152 bytes)

Product version:
7.01.0005

Copyright:
http:\\Setaward.cz

Trademarks:
http:\\Setaward.cz

Original file name:
Frap.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\oggics\234923.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/4/2015 5:30:00 AM

Valid to:
11/4/2017 5:29:59 AM

Subject:
CN="Postbox, Inc.", O="Postbox, Inc.", STREET="809 Laurel Street #999", L=San Carlos, S=CA, PostalCode=94070, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00CFA795827676DED8854D8C8B8844BDA7

File PE Metadata
Compilation timestamp:
2/3/2016 2:57:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x127C

Entry point:
68, 9C, DD, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 0D, 3E, 2E, CE, BB, 8E, 1B, 40, A6, EC, C8, 7C, A4, B0, 72, 5D, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 41, 75, 73, 6C, 61, 6E, 64, 73, 65, 72, 6C, F6, 73, 65, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, 76, A6, 54, F8, D6, C1, 31, 48, 97, 99, 63, D7, 19, 9A, F4, 7A, AA, 1E, 0F, 26, 9A, BD, AF, 4D, BD, 52, 8B, 08, 68, 75, CA, C6, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Entropy:
5.8768

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
164 KB (167,936 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Oggics

Command:
C:\users\{user}\appdata\local\oggics\234923.exe
