3A55D9E0.cpp

File Integrity Settings

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed to look like a legitimate Microsoft system file. The file 3A55D9E0.cpp (“File Integrity Settings”) has been detected as malware by 25 anti-virus scanners.

Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
File Integrity Settings

Version:
5.2.3790.0 (srv03_rtm.030324-2048)

MD5:
3521950be635364cd95b5d213e66341d

SHA-1:
2758249928ada89f61dced9fe2e3f5c9a35e8134

SHA-256:
787dde3d28ea863333f75600b421fe77234862088c38828d8eb146c3dfde0e3f

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/20/2024 4:05:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.486824 | 651 |
| Avira AntiVirus | TR/Crypt.ZPACK.104175 | 7.11.183.152 |
| avast! | Win32:Malware-gen | 2014.9-150425 |
| AVG | Generic36 | 2016.0.3129 |
| Baidu Antivirus | Trojan.Win32.Yakes | 4.0.3.15425 |
| Bitdefender | Gen:Variant.Kazy.486824 | 1.0.20.575 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.486824 | 8.15.04.25.02 |
| ESET NOD32 | Win32/Reveton.AJ | 9.10684 |
| Fortinet FortiGate | W32/Yakes.AJ!tr | 4/25/2015 |
| F-Secure | Gen:Variant.Kazy.486824 | 11.2015-25-04_7 |
| G Data | Gen:Variant.Kazy.486824 | 15.4.24 |
| herdProtect (fuzzy) | | 2015.7.26.5 |
| IKARUS anti.virus | Trojan.Win32.Reveton | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.185.13930 |
| Kaspersky | Trojan.Win32.Yakes | 14.0.0.2139 |
| Malwarebytes | Trojan.FakeMS.ED | v2015.04.25.02 |
| McAfee | Artemis!3521950BE635 | 5600.6785 |
| Microsoft Security Essentials | Ransom:Win32/Reveton | 1.11104 |
| Quick Heal | Trojan.Yakes.rb | 4.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1791103E!395382846 | 23.00.65.15423 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FakeMS | 9915 |
| Trend Micro House Call | HB_VAWTRAK-1 | 7.2.115 |
| Trend Micro | HB_VAWTRAK-1 | 10.465.25 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34584 |

File size:
268.2 KB (274,616 bytes)

Product version:
5.2.3790.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
sigtab.dll

Language:
English (United States)

Common path:
C:\ProgramData\3a55d9e0.cpp

File PE Metadata
Compilation timestamp:
3/28/2006 7:07:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:gFo88LdkbjPbWBiJqhlOQRjbIKi/JjcfCdX1HhPI7EszUhZvAEgMwK7KqeUay3b9:AHbqbFFbAwfCJw7UhZvLgMv7day354sJ

Entry address:
0x81E3

Entry point:
E9, AA, FD, FF, FF, E9, DA, 01, 00, 00, E9, 4D, 11, 00, 00, 55, 8B, EC, 83, EC, 5C, C7, 45, EC, 0C, 00, 00, 00, C7, 45, FC, F5, 4E, 6D, D9, C7, 45, F0, 00, 00, 00, 00, C7, 45, C4, 04, 00, 00, 00, C7, 45, E4, 05, 00, 00, 00, C7, 45, F4, 08, CA, 6C, 52, C7, 45, AC, 43, 36, F8, AD, C7, 45, B0, 6A, 36, 01, AE, C7, 45, B4, 5D, 36, FF, AD, C7, 45, B8, 2B, 36, C5, AD, C7, 45, BC, F8, 35, 93, AD, C7, 45, CC, 4E, 9F, 05, 22, C7, 45, D0, 6D, 97, FF, FD, C7, 45, D4, 6A, A5, 07, 13, C7, 45, D8, 5B, AA, 93, AD, FF, 75...
 

Entropy:
6.7632

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
172 KB (176,128 bytes)
