5591

{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

The file 5591 has been detected as malware by 32 anti-virus scanners. This trojan will perform a number of actions that will compromise a PC, including changing protected system registry values, hiding in protected operating system locations, and downloading and installing additional malware.
Publisher:

MD5:
44410efb82781f0cdcdf092e8e083ded

SHA-1:
936d9e99ed3e7655e07df3554cb4db34923ae86e

SHA-256:
b0c072ed450d27053b4da03d689acdb120b18eaeac824d3b3008e0e45c085520

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/19/2024 1:56:13 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1691128 | 14 |
| Agnitum Outpost | Trojan.Injector | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.CoinMiner | 2014.11.28 |
| Avira AntiVirus | TR/Rogue.255008 | 7.11.189.82 |
| avast! | Win32:Malware-gen | 2014.9-170121 |
| AVG | Generic10_c | 2018.0.2492 |
| Baidu Antivirus | Trojan.MSIL.Citron | 4.0.3.17121 |
| Bitdefender | Trojan.GenericKD.1691128 | 1.0.20.105 |
| Comodo Security | UnclassifiedMalware | 20217 |
| Dr.Web | Trojan.DownLoader10.63222 | 9.0.1.021 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1691128 | 8.17.01.21.07 |
| ESET NOD32 | MSIL/Injector.DTB (variant) | 11.10795 |
| Fortinet FortiGate | W32/Citron.CLA!tr | 1/21/2017 |
| F-Secure | Trojan.GenericKD.1691128 | 11.2017-21-01_7 |
| G Data | Trojan.GenericKD.1691128 | 17.1.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.186.14161 |
| Kaspersky | Trojan.MSIL.Citron | 14.0.0.-1047 |
| Malwarebytes | Trojan.Inject | v2017.01.21.07 |
| McAfee | Artemis!44410EFB8278 | 5600.6148 |
| Microsoft Security Essentials | Trojan:Win32/Malagent!gmb | 1.11202 |
| MicroWorld eScan | Trojan.GenericKD.1691128 | 18.0.0.63 |
| NANO AntiVirus | Trojan.Win32.Citron.cyuset | 0.28.6.63726 |
| Norman | Troj_Generic.UCWMT | 11.20170121 |
| nProtect | Trojan/W32.Agent.255008.B | 14.11.28.01 |
| Panda Antivirus | Trj/CI.A | 17.01.21.07 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Sophos | Mal/Cleaman-B | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PEQ14 | 7.2.21 |
| Trend Micro | TROJ_GEN.R0CBC0PEQ14 | 10.465.21 |
| Vba32 AntiVirus | Trojan.MSIL.Citron | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35208 |

File size:
249 KB (255,008 bytes)

Common path:
C:\users\{user}\appdata\local\temp\5591

Digital Signature
Authority:
{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Valid from:
4/30/2014 1:39:56 AM

Valid to:
4/30/2015 7:39:56 AM

Subject:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Issuer:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Serial number:
1E6CC65BB239DD99402691D1631F5B0C

File PE Metadata
Compilation timestamp:
5/22/2014 3:39:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x3FAFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.0847

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
247 KB (252,928 bytes)
