6c257b9d.exe

Thorsten Blauhut http://www.desksave.de

The executable 6c257b9d.exe has been detected as malware by 21 anti-virus scanners. According to Microsoft Security Essentials, this Dorkbot IRC-based worm is designed to capture user names and passwords by intercepting your network traffic, and can block websites that are related to security updates. It can also be used to launch denial of service (DoS) attacks.

Publisher:
Thorsten Blauhut http://www.desksave.de

Description:
DeskSave

Version:
8, 2, 1, 0

MD5:
2374984aac1030be0571a8a1c64ec8d0

SHA-1:
d2874ba7ebc0b4cfced7e86a71adf9bf863c3137

SHA-256:
d0c75e2f8b279c157099d99cc872906a7264c9bb1fa52e9375019b8194243780

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/19/2024 7:25:06 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.Chifrax | 2012.09.17 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.43.60 |
| avast! | Win32:Vitro | 2014.9-170316 |
| AVG | Win32/VBCrypt | 2018.0.2437 |
| Bitdefender | Worm.Generic.353200 | 1.0.20.375 |
| Dr.Web | Trojan.VbCrypt.86 | 9.0.1.075 |
| Emsisoft Anti-Malware | Worm.Win32.Dorkbot!IK | 8.17.03.16.12 |
| ESET NOD32 | Win32/Injector.LTQ (variant) | 11.7484 |
| G Data | Worm.Generic.353200 | 17.3.22 |
| IKARUS anti.virus | Worm.Win32.Dorkbot | t3scan.1.1.122.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1318 |
| McAfee | Generic Backdoor.xo | 5600.6093 |
| Microsoft Security Essentials | Worm:Win32/Dorkbot.A | 1.163.1557.0 |
| nProtect | Worm.Generic.353200 | 12.09.16.01 |
| Panda Antivirus | Generic Worm | 17.03.16.12 |
| Quick Heal | (Suspicious) - DNAScan | 3.17.12.00 |
| Rising Antivirus | Win32.Virut.db | 23.00.65.17314 |
| Sophos | Mal/VB-ABD | 4.80 |
| SUPERAntiSpyware | Trojan.Agent/Gen-VBInject | 8532 |
| Total Defense | Win32/Rbot.C!generic | 37.0.10076 |
| ViRobot | Trojan.Win32.A.VBKrypt.253952.DL | 2011.4.7.4223 |

File size:
268 KB (274,432 bytes)

Product version:
8.2.1

Copyright:
Copyright © 1998-2008 by Thorsten Blauhut

Original file name:
DeskSave.exe

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
12/28/2038 9:22:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x4DA0

Entry point:
68, 44, 54, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 42, 3B, 1B, 1B, B3, 7E, 49, 42, B0, 5C, A5, F7, 31, 4C, 3E, A2, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 57, 76, 6A, 71, 6D, 75, 78, 66, 6A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 08, D2, 75, A2, 8F, BF, C0, 7B, 4E, 89, EA, 14, B2, 91, 1B, 39, A4, 87, 4D, 97, 2D, 9F, 0C, 9D, 4E, B7, AC, 9A, 76, FA, CE, BB, 6E, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
6.6144

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
136 KB (139,264 bytes)
