6661397.exe

The executable 6661397.exe has been detected as malware by 22 anti-virus scanners.
MD5:
a3012a77d8d17af86c33cc0900c89fbf

SHA-1:
d9961d00164e23c0b04939882c72aa67f4a7f105

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/25/2024 4:41:46 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Worm/Win32.Palevo | 2011.01.18
Avira AntiVirus | TR/Kazy.8043.611 | 7.11.1.201
avast! | Win32:Trojan-gen | 2014.9-150130
AVG | Win32/Cryptor | 2016.0.3214
Bitdefender | Gen:Variant.Kazy.8043 | 1.0.20.150
Clam AntiVirus | Trojan.GenericFF | 0.98/17411
ESET NOD32 | Win32/Bflient (variant) | 9.5804
Fortinet FortiGate | W32/Katusha.P!tr | 1/30/2015
F-Secure | Gen:Variant.Kazy.8043 | 11.2015-30-01_6
G Data | Gen:Variant.Kazy.8043 | 15.1.21
IKARUS anti.virus | Trojan.Win32.Rimecud | t3scan.1.1.97.0
K7 AntiVirus | Trojan | 13.77.3603
Kaspersky | Packed.Win32.Katusha | 14.0.0.2563
McAfee | Generic Dropper.xr | 5600.6870
Microsoft Security Essentials | Trojan:Win32/Rimecud.A | 1.163.1557.0
nProtect | Gen:Variant.Kazy.8043 | 11.01.18.01
Panda Antivirus | Trj/CI.A | 15.01.30.11
Sophos | Mal/Palevo-A | 4.61
SUPERAntiSpyware | Trojan.Agent/Gen-Kazy | 10084
Trend Micro House Call | WORM_PALEVO.SMGF | 7.2.30
Trend Micro | WORM_PALEVO.SMGF | 10.465.30
Vba32 AntiVirus | Malware-Cryptor.Inject.gen | 3.12.14.3

File size:
148.5 KB (152,064 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\6661397.exe

File PE Metadata
Compilation timestamp:
1/29/2009 10:29:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:ljh4CIXd5Njh2qc0fjB+GB/ArOUmYsH3HA:XSf1h2v07v/Arep3g

Entry address:
0x1165

Entry point:
8B, FF, 55, 8B, EC, 83, EC, 40, 6A, 00, 68, 28, A0, 40, 00, 68, 40, A0, 40, 00, E8, 82, 01, 00, 00, C7, 45, FC, 00, 00, 00, 00, 50, E8, 4B, 01, 00, 00, 85, CF, 75, 0E, 80, 25, 05, A0, 40, 00, C0, 00, 75, FC, 80, 55, F8, 00, 8B, 1D, 58, A0, 40, 00, 88, 0D, 06, A0, 40, 00, C7, 45, F4, 50, 38, FB, 00, 8A, 5D, F0, 8A, 55, EC, 8D, 45, D0, 50, E8, 65, 01, 00, 00, F7, D0, 8D, 45, D0, 50, E8, 54, 01, 00, 00, 68, 5C, A0, 40, 00, E8, 32, 01, 00, 00, 80, 65, CC, FF, E8, 2F, 01, 00, 00, 89, 1D, 58, A0, 40, 00, 68, 0C...
 

Entropy:
5.9677

Code size:
1024 Bytes (1,024 bytes)
