6itza.exe

Bonavist awane

IKARUS Security Software GmbH

The executable 6itza.exe has been detected as malware by 12 anti-virus scanners.

Publisher:
BlackBerry Limited, Research In Motion Limited (RIM) (signed by IKARUS Security Software GmbH)

Product:
Bonavist awane

Description:
Nitramin

Version:
1.04.0006

MD5:
c93d4e8a2d30fe82bb94627e169a1cf0

SHA-1:
8ec599d3c258c0328ba8b3ec7be360dec2884178

SHA-256:
e3646502fd4d08d45cc10196c0c6f59ce234ff110670d2ab9abb9c810076b90c

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/25/2024 11:50:24 PM UTC

Scan engine                    Detection                  Engine version
Baidu Antivirus                Worm.Win32.Shakblades      4.0.3.1617
Bitdefender                    Gen:Variant.Kazy.252965    1.0.20.35
Emsisoft Anti-Malware          Gen:Variant.Kazy.252965    8.16.01.07.07
Fortinet FortiGate             W32/Shakblades.QEW!worm    1/7/2016
F-Secure                       Gen:Variant.Kazy.252965    11.2016-07-01_5
G Data                         Gen:Variant.Kazy.252965    16.1.22
Kaspersky                      Worm.Win32.Shakblades      14.0.0.853
McAfee                         Artemis!C93D4E8A2D30       5600.6528
Microsoft Security Essentials  Worm:Win32/Ainslot.A       1.163.1557.0
MicroWorld eScan               Gen:Variant.Kazy.252965    17.0.0.21
Norman                         VB.gen!r                   11.20160107
Panda Antivirus                Suspicious file            16.01.07.07

File size:
300.6 KB (307,857 bytes)

Product version:
1.04.0006

Original file name:
Irreliab.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\6itza.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/14/2010 7:30:00 PM

Valid to:
3/14/2013 7:29:59 PM

Subject:
CN=IKARUS Security Software GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IKARUS Security Software GmbH, L=Wien, S=Austria, C=AT

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22D393D507371552729E0E46B6969623

File PE Metadata
Compilation timestamp:
9/20/2013 1:11:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:0dYplCztH21Y95sLjBTEvN2cLWix2/7lqN1LZ:Oml91Y95sLJO2cLWe2TsnLZ

Entry address:
0x1448

Entry point:
68, 5C, 15, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 81, ED, 37, 2C, 44, 00, 8E, 4F, B0, 25, 8F, 1E, D0, 96, F0, 28, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 41, 63, 79, 6C, 61, 6D, 69, 6E, 6F, 00, 3E, 02, 38, 08, 41, 00, 00, 00, 00, 00, 01, 00, 03, 00, 94, 23, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 78, 24, 40, 00, 44, D0, 40, 00, 00, 00, 00, 00, 58, C3, 36, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
48 KB (49,152 bytes)
