{3f4eaac5-4734-4684-abb7-4fe6c09e4c81}

The file {3f4eaac5-4734-4684-abb7-4fe6c09e4c81} has been detected as malware by 26 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, or to steal sensitive information.
Version:
0.0.0.0

MD5:
c1ffbeaacf76d67d168cc2a66f990e61

SHA-1:
b94a07111829cdfbc8f934fe6bfa86d1bb6a325b

SHA-256:
ef6d3eb87f6d1f5fbff447b2ea9639593b626d4d8dcf53eb5ace557ce248bfe0

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/19/2024 12:00:44 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.MSILKrypt.11 | 856 |
| Avira AntiVirus | TR/ATRAPS.Gen | 7.11.173.6 |
| avast! | MSIL:Crypt-BK [Drp] | 2014.9-141002 |
| AVG | Dropper.Agent.10.A | 2015.0.3334 |
| Baidu Antivirus | Trojan.MSIL.Dropper | 4.0.3.14102 |
| Bitdefender | Gen:Variant.MSILKrypt.11 | 1.0.20.1375 |
| Comodo Security | TrojWare.MSIL.TrojanDropper.Small.H | 19544 |
| Dr.Web | Trojan.PWS.Spy.11887 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Gen:Variant.MSILKrypt.11 | 8.14.10.02.04 |
| ESET NOD32 | MSIL/TrojanDropper.Agent.KO (variant) | 8.10433 |
| Fortinet FortiGate | MSIL/Dropper.WT!tr | 10/2/2014 |
| F-Secure | Gen:Variant.MSILKrypt.11 | 11.2014-02-10_5 |
| G Data | Gen:Variant.MSILKrypt.11 | 14.10.24 |
| IKARUS anti.virus | Trojan-Dropper.MSIL | t3scan.1.7.8.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3164 |
| Malwarebytes | Trojan.0rpyGen | v2014.10.02.04 |
| McAfee | BackDoor-FBEQ!C1FFBEAACF76 | 5600.6990 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AN | 1.11005 |
| MicroWorld eScan | Gen:Variant.MSILKrypt.11 | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win32.Krypt.ctnrpk | 0.28.2.62151 |
| Norman | Obfuscated.gen!r | 11.20141002 |
| Panda Antivirus | Generic Malware | 14.10.02.04 |
| Qihoo 360 Security | Malware.QVM03.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Injector.A4 | 10.14.14.00 |
| Sophos | Mal/MSIL-BJ | 4.98 |
| VIPRE Antivirus | Trojan.MSIL.Agent.ko | 33204 |

File size:
80 KB (81,920 bytes)

Product version:
0.0.0.0

Original file name:
0.exe

File PE Metadata
Compilation timestamp:
9/17/2014 1:45:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:xQk3h4UW3jHZiaiOrhVQTChaalRH83RTLGV:xd3hq37ZiRO5I2

Entry address:
0x12CFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
68 KB (69,632 bytes)
