4314

Unforded

Foolish IT LLC

The file 4314 has been detected as malware by 21 anti-virus scanners.
Publisher:
Vecuria   (signed by Foolish IT LLC)

Product:
Unforded

Description:
Headly

Version:
1.00

MD5:
be9f40f648e523484b5b43b82286f968

SHA-1:
10a13596122e4059a831a6ecec32e0dd529fa324

SHA-256:
230177084f38efd6f95a9f1d417c10b1cfb00b60106a08da9ff26b70005fc417

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/25/2024 5:55:27 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Jaik.9803
366

Agnitum Outpost
Trojan.VBKryjetor
7.1.1

Avira AntiVirus
TR/Dropper.VB.44151
8.3.2.4

Arcabit
Trojan.Jaik.D264B
1.0.0.629

avast!
Win32:Rootkit-gen [Rtk]
2014.9-160203

AVG
Generic_vb
2017.0.2844

Bitdefender
Gen:Variant.Jaik.9803
1.0.20.170

Bkav FE
W32.BaytasiAB.Trojan
1.3.0.7383

Emsisoft Anti-Malware
Gen:Variant.Jaik.9803
8.16.02.03.11

Fortinet FortiGate
W32/Injector.COMV!tr
2/3/2016

F-Secure
Gen:Variant.Jaik.9803
11.2016-03-02_4

G Data
Gen:Variant.Jaik.9803
16.2.25

IKARUS anti.virus
Trojan.Win32.Dynamer
t3scan.1.9.5.0

Kaspersky
Trojan.Win32.VBKryjetor
14.0.0.715

McAfee
Artemis!BE9F40F648E5
5600.6500

Microsoft Security Essentials
Trojan:Win32/Dynamer!ac
1.1.12400.0

MicroWorld eScan
Gen:Variant.Jaik.9803
17.0.0.102

Panda Antivirus
Trj/CI.A
16.02.03.11

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48 [F]
23.00.65.16201

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
Trojan.Win32.Generic
45930

File size:
311.1 KB (318,608 bytes)

Product version:
1.00

Original file name:
Sarcolysis0.exe

Common path:
C:\users\{user}\appdata\local\temp\4314

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
5/10/2014 9:38:40 AM

Valid to:
5/10/2016 5:34:08 AM

Subject:
E=foolishtech@foolishit.com, CN=Foolish IT LLC, O=Foolish IT LLC, L=Manteo, S=North Carolina, C=US, Description=D9J0KaT9DvjE2CWD

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0E63

File PE Metadata
Compilation timestamp:
12/17/2015 3:56:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:S3P7UwVN4dyX3nKAxUEdA/MZa7+Tn9L1yYbLV:S3P7UwVN4dyX1dJM7+D9LYYLV

Entry address:
0x117C

Entry point:
68, 34, 12, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 88, D4, F7, C1, D9, 20, 85, 49, 8B, 1C, 0D, EC, 4A, 2D, F2, 02, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 53, 70, 6F, 74, 6C, 69, 67, 68, 74, 65, 72, 00, 00, 00, 00, 00, 00, 00, 00, 00, 07, 00, 00, 00, 74, 47, 40, 00, 07, 00, 00, 00, 14, 47, 40, 00, 07, 00, 00, 00, B8, 46, 40, 00, 07, 00, 00, 00, 60, 46, 40, 00, 01, 00, 0F, 00, 74, 3B, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
292 KB (299,008 bytes)
