5cd8f17f4086744065eb0992a09e05a2.exe

The executable 5cd8f17f4086744065eb0992a09e05a2.exe has been detected as malware by 26 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘5cd8f17f4086744065eb0992a09e05a2’.
Publisher:
abPCbNl89BNj

Product:
aEoGhAKozlFOO

Description:
acYh4I52tYW

Version:
5.7.8.35

MD5:
c8563f5aa27c7eb552e28493036b1ce6

SHA-1:
c10a9edf7c01e2a708b7a2c9afcfa45918581fa9

SHA-256:
97865ec6e8e146273e70e191b94c920f29f48a6ed6746f6a9a53611685fe61d8

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/25/2024 6:25:23 AM UTC

Scan engine                    Detection                                    Engine version
Lavasoft Ad-Aware              Gen:Variant.Kazy.353510                      701
Agnitum Outpost                Trojan.Injector                              7.1.1
Avira AntiVirus                TR/Kazy.356363.3                             7.11.174.236
avast!                         Win32:Malware-gen                            2014.9-150306
AVG                            MSIL3                                        2016.0.3179
Baidu Antivirus                Trojan.MSIL.Disfa                            4.0.3.1536
Bitdefender                    Gen:Variant.Kazy.353510                      1.0.20.325
Emsisoft Anti-Malware          Gen:Variant.Kazy.353510                      8.15.03.06.03
ESET NOD32                     MSIL/Injector.DBQ (variant)                  9.10472
Fortinet FortiGate             MSIL/Injector.DBQ!tr                         3/6/2015
F-Secure                       Gen:Variant.Kazy.353510                      11.2015-06-03_6
G Data                         Gen:Variant.Kazy.353510                      15.3.24
IKARUS anti.virus              Trojan.MSIL3                                 t3scan.1.7.8.0
Kaspersky                      Trojan.MSIL.Disfa                            14.0.0.2389
McAfee                         Artemis!C8563F5AA27C                         5600.6835
Microsoft Security Essentials  Backdoor:MSIL/Bladabindi                     1.11005
MicroWorld eScan               Gen:Variant.Kazy.353510                      16.0.0.195
NANO AntiVirus                 Trojan.Win32.Kazy.dahade                     0.28.2.62286
Norman                         Troj_Generic.TWPWV                           11.20150306
Panda Antivirus                Trj/CI.A                                     15.03.06.03
Qihoo 360 Security             HEUR/Malware.QVM03.Gen                       1.0.0.1015
Rising Antivirus               PE:Trojan.Win32.Generic.16A2EC03!379776003   23.00.65.15304
Sophos                         Mal/Generic-S                                4.98
Trend Micro House Call         TROJ_GEN.R0C2C0DFP14                         7.2.65
Trend Micro                    TROJ_GEN.R0C2C0DFP14                         10.465.06
VIPRE Antivirus                Trojan.Win32.Generic                         33464

File size:
2.6 MB (2,691,072 bytes)

Product version:
5.7.8.35

Copyright:
Copyright © 2004

Trademarks:
aID6w6dWtRIAWd

Original file name:
bbb.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\5cd8f17f4086744065eb0992a09e05a2.exe

File PE Metadata
Compilation timestamp:
3/3/2014 4:53:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:LTqz8bBxji904xhWyzhp0eQzohtvHI2wHI0eW4i2OFJ2XFEMXhgk:LGzQxjTmNOFsBa

Entry address:
0x29225E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.6 MB (2,688,000 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
5cd8f17f4086744065eb0992a09e05a2

Command:
"C:\users\{user}\appdata\local\temp\trojan.exe"..

