5435f313991b933e7d78891ed9eef6b0.pe

BugReport

Tencent Technology(Shenzhen) Company Limited

The file 5435f313991b933e7d78891ed9eef6b0.pe has been detected as malware by 33 anti-virus scanners. This virus, which infects .exe files, stops various security software and prevents some core Windows utilities from running. It also tries to download other files, including other malware, from a remote server.
Publisher:
Tencent (signed by Tencent Technology(Shenzhen) Company Limited)

Product:
BugReport

Description:
bugreport TDebug

Version:
0, 2, 2, 4

MD5:
5435f313991b933e7d78891ed9eef6b0

SHA-1:
22e687a4b440d8f284dbbb85ff642a20ab618e14

SHA-256:
703b9a657f128f8b55521fcf80da44a7b8c31ee01d5d4c95ec718bc9c7c9fca3

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/19/2024 10:50:46 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | 714 |
| Agnitum Outpost | Trojan.Patched | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2015.02.15 |
| Avira AntiVirus | W32/Sality.AT | 7.11.210.58 |
| avast! | Win32:SaliCode | 2014.9-150220 |
| AVG | Win32/Sality | 2016.0.3192 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15220 |
| Bitdefender | Win32.Sality.3 | 1.0.20.255 |
| Bkav FE | W32.Sality.PE | 1.3.0.6379 |
| Dr.Web | Win32.Sector.30 | 9.0.1.051 |
| Emsisoft Anti-Malware | Win32.Sality | 8.15.02.20.12 |
| ESET NOD32 | Win32/Sality.NBA | 9.11177 |
| F-Prot | W32/Virut.AI!Generic | v6.4.7.1.166 |
| F-Secure | Win32.Sality.3 | 11.2015-20-02_6 |
| G Data | Win32.Sality | 15.2.25 |
| IKARUS anti.virus | Virus.Win32.Kate | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.194.14967 |
| Kaspersky | Virus.Win32.Sality | 14.0.0.2457 |
| McAfee | W32/Sality.gen.z | 5600.6848 |
| Microsoft Security Essentials | Virus:Win32/Sality.AT | 1.1.11302.0 |
| MicroWorld eScan | Win32.Sality.3 | 16.0.0.153 |
| NANO AntiVirus | Virus.Win32.Sality.yusp | 0.30.0.65070 |
| Norman | Sality.ZHB | 11.20150220 |
| nProtect | Win32.Sality.3 | 15.02.13.01 |
| Quick Heal | W32.Sality.U | 2.15.14.00 |
| Sophos | Mal/Sality-D | 4.98 |
| Total Defense | Win32/Sality.AA | 37.0.11441 |
| Trend Micro House Call | PE_SALITY.ER | 7.2.51 |
| Trend Micro | PE_SALITY.ER | 10.465.20 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.3 |
| VIPRE Antivirus | Virus.Win32.Sality.atbh | 37554 |
| ViRobot | Win32.Sality.N[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Sality.Win32.20 | 2.0.0.2067 |

File size:
341.3 KB (349,520 bytes)

Product version:
0, 2, 2, 4

Copyright:
Copyright (C) 2005

Original file name:
TestDebug.EXE

Language:
Chinese

Common path:
C:\users\{user}\downloads\virussignlist_free_150220\samples\5435f313991b933e7d78891ed9eef6b0.pe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/26/2007 1:00:00 AM

Valid to:
2/27/2008 12:59:59 AM

Subject:
CN=Tencent Technology(Shenzhen) Company Limited, OU=Shenzhen R&D Center, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tencent Technology(Shenzhen) Company Limited, L=Shenzhen, S=Guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0D55F995E6CDA7E40DB8629E5AF15E48

File PE Metadata
Compilation timestamp:
1/5/2006 8:27:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:RFaLpxs/ijJhu4Ab4CPfNjJjmQcYKxvpoyqMfz52:raLns/Ouh/x4LqMr8

Entry address:
0x26D06

Entry point:
55, 8B, EC, 6A, FF, 68, B0, D2, 42, 00, 68, C2, 6C, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 7C, B5, 42, 00, 59, 83, 0D, 84, 36, 43, 00, FF, 83, 0D, 88, 36, 43, 00, FF, FF, 15, 5C, B5, 42, 00, 8B, 0D, 64, 36, 43, 00, 89, 08, FF, 15, 4C, B5, 42, 00, 8B, 0D, 60, 36, 43, 00, 89, 08, A1, 50, B5, 42, 00, 8B, 00, A3, 80, 36, 43, 00, E8, 1C, 01, 00, 00, 39, 1D, 38, 22, 43, 00, 75, 0C, 68, 8E, 6E, 42, 00, FF, 15, 54, B5...
 
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
168 KB (172,032 bytes)
