6982ac82.exe

Emsisoft GmbH

The executable 6982ac82.exe has been detected as malware by 31 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Ofics’.
Publisher:
BitAddicted  (signed by Emsisoft GmbH)

Product:
BitAddicted

Version:
7.08

MD5:
8f8dbf122523e18f249abb800b17a879

SHA-1:
040dce1d9031a708ffff1ca1ee2d5279f6b849b9

SHA-256:
905a45758b959757a7beac9d65f61ac8bfedf11628c31c285494ce856c34b40c

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/25/2024 4:15:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.165731 | 358 |
| Agnitum Outpost | Trojan.VB | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Miuref | 2015.11.26 |
| Avira AntiVirus | TR/Dropper.VB.38043 | 8.3.2.4 |
| Arcabit | Trojan.Zusy.D28763 | 1.0.0.624 |
| avast! | Win32:Malware-gen | 2014.9-160212 |
| AVG | Atros2 | 2017.0.2836 |
| Baidu Antivirus | Trojan.Win32.Boaxxe | 4.0.3.16212 |
| Bitdefender | Gen:Variant.Zusy.165731 | 1.0.20.215 |
| Dr.Web | Trojan.Siggen6.23087 | 9.0.1.043 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.165731 | 8.16.02.12.04 |
| ESET NOD32 | Win32/Boaxxe.BR | 10.12625 |
| Fortinet FortiGate | W32/Injector.CMTT!tr | 2/12/2016 |
| F-Secure | Gen:Variant.Zusy.165731 | 11.2016-12-02_6 |
| G Data | Gen:Variant.Zusy.165731 | 16.2.25 |
| IKARUS anti.virus | Trojan.Win32.Boaxxe | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.17972 |
| Kaspersky | Trojan.Win32.VB | 14.0.0.674 |
| Malwarebytes | Trojan.Injector.VB | v2016.02.12.04 |
| McAfee | RDN/Generic.grp | 5600.6492 |
| Microsoft Security Essentials | VirTool:Win32/VBInject.AER | 1.1.12300.0 |
| MicroWorld eScan | Gen:Variant.Zusy.165731 | 17.0.0.129 |
| NANO AntiVirus | Trojan.Win32.Siggen6.dxyrel | 0.30.26.4751 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.12.04 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 9329 |
| Trend Micro | TROJ_GEN.R01TC0VJO15 | 10.465.12 |
| Vba32 AntiVirus | Trojan.VB | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45432 |
| Zillya! Antivirus | Trojan.Crypt.Win32.22220 | 2.0.0.2527 |

File size:
179.8 KB (184,104 bytes)

Product version:
7.08

Original file name:
BitAddicted.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\ofics\6982ac82.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
4/12/2012 4:00:00 AM

Valid to:
6/16/2015 4:00:00 PM

Subject:
CN=Emsisoft GmbH, O=Emsisoft GmbH, L=Thalgau, C=AT

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D264BA95F92C7A55D53EC2B551DE980

File PE Metadata
Compilation timestamp:
3/18/2016 7:02:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:rm41B4bIdzdmy1QgiLv7an37fLfZb9F8B8iq9gj8VZloUm7d0owYq6dO0qlxd4pY:rrzdzQyShD42B8iqE8V++xWUcJzrgJT

Entry address:
0x1284

Entry point:
68, CC, F5, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 2E, 0C, 3A, 9C, 80, 62, EF, 45, B2, 0C, 7D, C4, B4, 09, 20, 9D, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, FB, 02, A7, 00, 00, 00, 44, 61, 63, 68, 62, 72, 65, 74, 74, 00, 41, 00, F0, 07, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, BD, 98, A4, 93, 88, 3C, 3A, 4C, 9F, B9, 8A, 61, 79, E2, 58, 81, 87, B7, EA, 4F, 73, 84, 25, 4F, B8, CC, 44, B3, 49, 58, 1A, E9, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
152 KB (155,648 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Ofics

Command:
C:\users\{user}\appdata\local\ofics\6982ac82.exe

