28555050-sample

VIST

The file 28555050-sample by VIST has been detected as a potentially unwanted program by 31 anti-malware scanners.
Publisher:
VIST (signed and verified)

MD5:
004b6e368232874250d75367e95a7e7c

SHA-1:
0bf69f07d22ec089a2319a0b34a7d6a5aa77160c

SHA-256:
36a41052911ae658811035c8ed6f9944bbd79ed8eed199179d25b141b0c79696

Scanner detections:
31 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 6:39:17 PM UTC

Scan engine                     Detection                               Engine version
Lavasoft Ad-Aware               Gen:Variant.Symmi.38439                 766
AhnLab V3 Security              Malware/Win32.Generic                   2014.12.06
Avira AntiVirus                 TR/Crypt.XPACK.Gen                      7.11.193.22
avast!                          Win32:LoadMoney-EB [PUP]                2014.9-141231
AVG                             Agent_r                                 2015.0.3244
Bitdefender                     Gen:Variant.Symmi.38439                 1.0.20.1825
Comodo Security                 ApplicUnwnt.Win32.Hoax.ArchSMS.BMPC     20287
Dr.Web                          Trojan.LoadMoney.15                     9.0.1.0365
ESET NOD32                      Win32/Kryptik.BUEA (variant)            8.10834
Fortinet FortiGate              W32/Kryptik.LMCZ!tr                     12/31/2014
F-Prot                          W32/LoadMoney.X4.gen                    v6.4.7.1.166
F-Secure                        Gen:Variant.Symmi.38439                 11.2014-31-12_4
G Data                          Gen:Variant.Symmi.38439                 14.12.24
IKARUS anti.virus               Trojan.Win32.Spy2                       t3scan.1.8.5.0
K7 AntiVirus                    Trojan                                  13.186.14254
Kaspersky                       not-a-virus:HEUR:Downloader.Win32.LMN   14.0.0.2714
Malwarebytes                    PUP.Optional.Vist                       v2014.12.31.06
McAfee                          Packed-AH!004B6E368232                  5600.6900
Microsoft Security Essentials   TrojanDownloader:Win32/Ogimant.A        1.11202
MicroWorld eScan                Gen:Variant.Symmi.38439                 15.0.0.1095
NANO AntiVirus                  Trojan.Win32.LoadMoney.cttsmk           0.28.6.63850
Norman                          Kelihos.TJU                             11.20141231
Panda Antivirus                 Trj/Genetic.gen                         14.12.31.06
Qihoo 360 Security              Win32/Virus.Downloader.9a9              1.0.0.1015
Rising Antivirus                PE:Malware.XPACK-HIE/Heur!1.9C48        23.00.65.141229
Sophos                          Troj/LdMon-E                            4.98
SUPERAntiSpyware                Trojan.Agent/Gen-Kryptik                10144
Trend Micro House Call          TROJ_GEN.R08NC0DL514                    7.2.365
Trend Micro                     TROJ_GEN.R08NC0DL514                    10.465.31
Vba32 AntiVirus                 TScope.Malware-Cryptor.SB               3.12.26.3
VIPRE Antivirus                 Trojan.Win32.Encpk.zea                  35468

File size:
110.4 KB (113,024 bytes)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/20/2014 3:30:00 AM

Valid to:
1/21/2015 3:29:59 AM

Subject:
CN=VIST, O=VIST, STREET="Chistova, 6A", L=Moscow, S=Moscowskaya oblast, PostalCode=109390, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
204E717AF42FC1AC4E22F179E6AF42F3

File PE Metadata
Compilation timestamp:
2/1/2014 1:55:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
40.0

CTPH (ssdeep):
1536:NIPzbk6w+D1S9642C2CTXUaY2r6EodhOJVuLzxgMGfZ34sO+ASb8ElEbCuEUUu:NcA81BoULPEUUcLe4DhIE5Eo

Entry address:
0x67C2

Entry point:
55, 8B, EC, 6A, FF, 68, 40, 34, 41, 00, 68, 50, 69, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, D8, 20, 41, 00, 59, 83, 0D, C4, 34, 41, 00, FF, 83, 0D, C8, 34, 41, 00, FF, FF, 15, DC, 20, 41, 00, 8B, 0D, 6C, 34, 41, 00, 89, 08, FF, 15, E0, 20, 41, 00, 8B, 0D, 68, 34, 41, 00, 89, 08, A1, E4, 20, 41, 00, 8B, 00, A3, CC, 34, 41, 00, E8, 10, 01, 00, 00, 39, 1D, 00, 34, 41, 00, 75, 0C, 68, 3E, 69, 40, 00, FF, 15, E8, 20...
 

Entropy:
6.7458

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
67 KB (68,608 bytes)
