2470.exe

The executable 2470.exe has been detected as malware by 25 anti-virus scanners.
MD5:
2be2eb55a49efa0c37e77fb83c460fb0

SHA-1:
f442c3fa7c59fafe50aa90e890fdd76a5e2db7b9

SHA-256:
33fb344db637353dbba487684160f6b4f0a525f10f34b2ea358557fcf825be15

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/26/2024 6:15:03 PM UTC

Scan engine                    Detection                                   Engine version
Lavasoft Ad-Aware              Trojan.GenericKDZ.25887                     868
AhnLab V3 Security             Trojan/Win32.Injector                       2014.09.20
avast!                         Win32:Agent-AUDA [Trj]                      140908-2
AVG                            Trojan horse Inject2.AVBF                   2014.0.4015
Baidu Antivirus                Trojan.Win32.Agent                          4.0.3.14919
Bitdefender                    Trojan.GenericKDZ.25887                     1.0.20.1310
Bkav FE                        W32.MamonsoK.Trojan                         1.3.0.4959
Clam AntiVirus                 Win.Trojan.Injector-12785                   0.98/21411
Dr.Web                         Trojan.DownLoader11.16215                   9.0.1.05190
Emsisoft Anti-Malware          Trojan.GenericKDZ.25887                     8.14.09.19.06
ESET NOD32                     Win32/Injector.BLQQ (variant)               8.10443
Fortinet FortiGate             W32/Injector.GLA!tr                         9/19/2014
F-Secure                       Trojan.GenericKDZ.25887                     11.2014-19-09_6
G Data                         Trojan.GenericKDZ.25887                     14.9.24
Kaspersky                      Trojan.Win32.Agentb                         15.0.0.494
Microsoft Security Essentials  Threat.Undefined                            1.185.233.0
MicroWorld eScan               Trojan.GenericKDZ.25887                     15.0.0.786
NANO AntiVirus                 Trojan.Win32.DownLoader11.derqzn            0.28.2.62151
Norman                         Injector.HHJN                               11.20140919
nProtect                       Trojan.GenericKDZ.25887                     14.09.19.01
Rising Antivirus               PE:Trojan.Win32.Generic.174403DA!390333402  23.00.65.14917
Sophos                         Troj/Wonton-HG                              4.98
Total Defense                  Win32/Tnega.dQPAIFC                         37.0.11189
Vba32 AntiVirus                Trojan.Agentb                               3.12.26.3
Zillya! Antivirus              Trojan.Agentb.Win32.5254                    2.0.0.1927

File size:
163.7 KB (167,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\2470.exe

File PE Metadata
Compilation timestamp:
9/9/2014 2:31:50 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:zoWu0MCJzzNfT5p9Q+t+SCHe5RKGRY+jGKyymUr4RacWY1ZjJWa:zpFjQ+5YkySM4ajJWa

Entry address:
0x336C

Entry point:
E8, A2, 43, 00, 00, E9, 1E, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 0C, DD, 14, 24, E8, DD, 46, 00, 00, E8, 0D, 00, 00, 00, 83, C4, 0C, C3, 8D, 54, 24, 04, E8, 88, 46, 00, 00, 52, 9B, D9, 3C, 24, 8B, 44, 24, 0C, 74, 51, 66, 81, 3C, 24, 7F, 02, 74, 05, E8, 40, 46, 00, 00, A9, 00, 00, 00, 80, 75, 1F, D9, FA, 83, 3D, 4C, 71, 42, 00, 00, 0F, 85, B3, 46, 00, 00, BA, 05, 00, 00, 00, 8D, 0D, 40, 4A, 42, 00, E9, B0, 46, 00, 00, A9, 00, 00, F0, 7F, 75, 2C, A9, FF, FF, 0F, 00, 75, 25, 83, 7C, 24...

Entropy:
4.8718

Code size:
53 KB (54,272 bytes)
