Esoterische.exe

LastPass

The file Esoterische.exe has been detected as malware by 13 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher: LastPass

Product: LastPass

Version: 1.00.0006

MD5: a0b7a771af23938dd559729a80d5ccf7

SHA-1: 49f542b6105182ee0404e17ea1cf8ff7f1a17b16

SHA-256: bf94f4044670d53f8ae8a4f266df170a863419ddd863ac07344b418fde209501

Scanner detections: 13 / 68

Status: Malware

Analysis date: 4/25/2024 8:46:05 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Dropper.VB.31668 | 8.3.1.6 |
| avast! | Win32:Rootkit-gen [Rtk] | 2014.9-150528 |
| AVG | Inject2 | 2016.0.3095 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| ESET NOD32 | Win32/Neurevt | 9.11638 |
| Fortinet FortiGate | W32/Neurevt.I!tr | 5/28/2015 |
| Kaspersky | Trojan.Win32.Droma | 14.0.0.1971 |
| McAfee | Artemis!A0B7A771AF23 | 5600.6751 |
| Microsoft Security Essentials | Trojan:Win32/Neurevt.gen!A | 1.1.11602.0 |
| Panda Antivirus | Trj/Chgt.O | 15.05.28.06 |
| Reason Heuristics | Win32.Generic.Task.Meta | 15.5.28.14 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15526 |
| Sophos | Mal/Generic-S | 4.98 |

File size: 319.3 KB (326,946 bytes)

Product version: 1.00.0006

Copyright: LastPass

Original file name: Esoterische.exe

Language: Taiwanese

Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\7223.tmp

File PE Metadata

Compilation timestamp: 5/15/2015 8:42:54 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.0

CTPH (ssdeep): 3072:iNqA0gbefSt0LY/Kg4MqGkwWageKpuyvIzXnLvBwyYdNw++BfOBfgWoiSuXv7XHM:757Kt4sKQqGk/Rf0nLvBR0kB2gWar5f

Entry address: 0x1380

Entry point:
68, 78, B8, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 3E, 79, 65, 32, 62, E3, 5D, 46, AE, 28, A3, BD, FF, CD, C1, E7, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 00, 06, 50, 83, 01, 42, 61, 64, 65, 6B, 61, 72, 72, 65, 37, 00, 00, 9C, 30, 2E, 03, 00, 00, 00, 00, FF, CC, 31, 00, 09, 66, 4B, 90, BA, 19, 69, 57, 4D, A9, B1, C7, C0, 59, 47, 1C, 5F, FC, B5, 7A, D4, BF, 33, 07, 45, 95, 7F, BC, C4, E8, 9F, 28, E6, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with: Microsoft Visual Basic v5.0

Code size: 292 KB (299,008 bytes)

Scheduled Task

Task name: Windows Update Check - 0x0B4E02AC

Trigger: Logon (Runs on logon)

