2d44e53de93bb890b8ad44403bc9a538

The file 2d44e53de93bb890b8ad44403bc9a538 has been detected as malware by 23 anti-virus scanners.
Publisher:
Yahoo! Inc.*  (Invalid match)

Description:
Yahoo! Messenger

Version:
11.5.0.0228

MD5:
2d44e53de93bb890b8ad44403bc9a538

SHA-1:
d0f69f7e0a8af669669d84b0495c1ba132144e0d

SHA-256:
19b66cfb26f81377ea8ffd3afe6a5e6cd35b38db92099942173f25f23aaa9cdb

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
4/23/2024 4:31:50 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1981549 | 804
Avira AntiVirus | TR/Dropper.MSIL.97382 | 7.11.187.188
avast! | MSIL:Kryptik-AR [Trj] | 2014.9-141123
AVG | MSIL5 | 2015.0.3282
Baidu Antivirus | Trojan.Win32.InfoStealer | 4.0.3.141123
Bitdefender | Trojan.GenericKD.1981549 | 1.0.20.1635
Dr.Web | Trojan.PWS.Stealer.1932 | 9.0.1.0327
Emsisoft Anti-Malware | Trojan.GenericKD.1981549 | 8.14.11.23.09
ESET NOD32 | MSIL/Kryptik.ANZ (variant) | 8.10753
Fortinet FortiGate | W32/Tepfer.ANZ!tr.pws | 11/23/2014
F-Secure | Trojan.GenericKD.1981549 | 11.2014-23-11_1
G Data | Trojan.GenericKD.1981549 | 14.11.24
IKARUS anti.virus | Trojan-PSW.Win32.Tepfer | t3scan.1.8.3.0
K7 AntiVirus | Trojan | 13.185.14071
Kaspersky | Trojan-PSW.Win32.Tepfer | 14.0.0.2903
Malwarebytes | Trojan.Agent.MTA | v2014.11.23.09
McAfee | RDN/Generic PWS.y!bb3 | 5600.6938
MicroWorld eScan | Trojan.GenericKD.1981549 | 15.0.0.981
nProtect | Trojan.GenericKD.1981549 | 14.11.20.01
Panda Antivirus | Trj/Chgt.L | 14.11.23.09
Rising Antivirus | PE:Trojan.Win32.Generic.17A70B2A!396823338 | 23.00.65.141121
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1118 | 7.2.327

File size:
359 KB (367,616 bytes)

Copyright:
1997-2010 Yahoo! Inc.

Language:
English (United States)

Common path:
C:\users\{user}\downloads\91\2d44e53de93bb890b8ad44403bc9a538

File PE Metadata
Compilation timestamp:
11/17/2014 9:50:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:UpVuecG1bsmhy9V69KFztbkrJeHroX2l5Flb:B0bLy9qKZ4JeLoX2nD

Entry address:
0x4159E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, F1, F4, 45, 5A, FF, 2A, D0, 83, C1, CF, 30, 34, 27, CE, 44, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01, 01...
Entropy:
5.4639

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
253.5 KB (259,584 bytes)