» 3f319778d181773aafd0d3e121b53f60.pe
Overview
Analysis
File Details

3f319778d181773aafd0d3e121b53f60.pe

45fdf rfgf

589ukjh

The file 3f319778d181773aafd0d3e121b53f60.pe has been detected as malware by 43 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.

File name:

Publisher:

589ukjh

Product:

45fdf rfgf

Description:

Version:

0.5.0.5

MD5:

3f319778d181773aafd0d3e121b53f60

SHA-1:

0e2189febaf3e96a47fc8e0c876d1ebb17339925

SHA-256:

9221554e9de0c6a7ccfbec8f259ecfc03d7ef243caa0aa321dc45fa6eab4b546

Scanner detections:

43 / 68

Status:

Malware

Analysis date:

5/8/2024 7:24:05 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Spy.ZBot.CB

658

Agnitum Outpost

Trojan.Agent

7.1.1

AhnLab V3 Security

Win32/IRCBot.worm.variant

2015.03.22

Avira AntiVirus

TR/Drop.Agent.snu

7.11.219.26

avast!

Win32:Injecter-AU [Trj]

2014.9-150418

AVG

Downloader.Generic14

2016.0.3136

Baidu Antivirus

Trojan.Win32.Downloader

4.0.3.15418

Bitdefender

Trojan.Spy.ZBot.CB

1.0.20.540

Bkav FE

W32.FamVT.SmallDownloader.Trojan

1.3.0.6379

Clam AntiVirus

Trojan.Agent-22088

0.98/21511

Comodo Security

TrojWare.Win32.TrojanDropper.Agent.snu0

21494

Dr.Web

Trojan.DownLoader.63177

9.0.1.0108

Emsisoft Anti-Malware

Trojan.Spy.ZBot.CB

8.15.04.18.06

ESET NOD32

Win32/TrojanDownloader.Small.OBC

9.11358

Fortinet FortiGate

W32/PackZbot.AFG!tr

4/18/2015

F-Prot

W32/Trojan2.BQFY

v6.4.7.1.166

F-Secure

Trojan.Spy.ZBot.CB

11.2015-18-04_7

G Data

Trojan.Spy.ZBot.CB

15.4.25

herdProtect (fuzzy)

variant of virussign.com_da5c484e5bd9b30d430b951548535800.vir

2015.7.19.18

IKARUS anti.virus

Trojan-Downloader.Win32.Small

t3scan.1.8.6.0

K7 AntiVirus

Trojan-Downloader

13.202.15341

Kaspersky

Trojan-Downloader.Win32.Small

14.0.0.2174

Malwarebytes

Trojan.Spy.Zbot

v2015.04.18.06

McAfee

PWS-Zbot.gen.ak

5600.6792

Microsoft Security Essentials

Backdoor:Win32/Koceg

1.1.11400.0

MicroWorld eScan

Trojan.Spy.ZBot.CB

16.0.0.324

NANO AntiVirus

Trojan.Win32.Small.vsgxe

0.30.8.659

Norman

Smalltroj.EDVX

11.20150418

nProtect

Trojan-Downloader/W32.Small.833472

15.03.20.01

Panda Antivirus

Trj/Genetic.gen

15.04.18.06

Qihoo 360 Security

HEUR/QVM19.1.Malware.Gen

1.0.0.1015

Quick Heal

TrojanDownloader.Small.r2 (Not a Virus)

4.15.14.00

Reason Heuristics

Threat.Win.Reputation.IMP

15.4.18.2

Rising Antivirus

PE:Trojan.DL.Win32.Small.obd!1075169488

23.00.65.15416

Sophos

Troj/AtBdPk-Gen

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-FalComp

9928

Total Defense

Win32/Kollah.AOH

37.0.11507

Trend Micro House Call

TROJ_AGENT_054712.TOMB

7.2.108

Trend Micro

TROJ_AGENT_054712.TOMB

10.465.18

Vba32 AntiVirus

Worm.Socks

3.12.26.3

VIPRE Antivirus

BehavesLike.Win32.Malware.mmu (mx-v)

38656

ViRobot

Worm.Win32.Socks.36201[h]

2014.3.20.0

Zillya! Antivirus

Downloader.Small.Win32.7969

2.0.0.2110

File size:

813.9 KB (833,472 bytes)

Product version:

0.6.7.0

Original file name:

1.exe

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\3f319778d181773aafd0d3e121b53f60.pe

File PE Metadata

Compilation timestamp:

4/15/2008 9:58:03 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

81.67

CTPH (ssdeep):

12288:H5Z5QDMy/y/y/y/y/y5+AeeM5BQ+Ae1y/yS5sy/yS5Z5syS5Z5Z5Z5syS5H:Qaaaaabeease0a2aSKs

Entry address:

0x10E9

Entry point:

05, 02, 0A, 34, 00, BE, A6, 34, 00, 00, D9, D0, D9, D0, BF, 4A, 11, 40, 00, B9, 02, 00, 00, 00, 81, C2, 56, B2, 23, 00, 01, C9, 29, 0F, 01, CF, 01, F9, 81, C2, E6, 95, 06, 04, 81, FF, 90, 2D, 40, 00, 72, DF, 29, FA, D9, D0, 81, C2, 2C, 49, 56, 03, 4E, 85, F6, 74, 1E, 68, F5, 10, 40, 00, C3, C5, EC, 74, 3B, A9, 07, 00, 00, 8D, F4, 28, 7E, 1F, 02, 00, 00, 8D, A6, 60, EA, 91, 07, 00, 00, 71, A3, 69, 90, AA, 12, 01, E8, E6, ED, 00, 00, 71, A3, A4, 51, AC, 12, 01, 68, 00, E5, 40, 00, 80, 10, 1C, 00, 98, AB, D1... 
[+]

Entropy:

7.9894 (probably packed)

Code size:

7.5 KB (7,680 bytes)

Remove 3f319778d181773aafd0d3e121b53f60.pe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.