8157.exe

The executable 8157.exe has been detected as malware by 31 anti-virus scanners.
MD5:
ec1e51dfb023829c8405dd561450a82f

SHA-1:
4460391c3d783062b8054238c877b96d679ddd97

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/18/2024 6:50:04 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Worm.Palevo.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Palevo13.worm.Gen | 2013.01.03 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen3 | 7.11.55.82 |
| avast! | Win32:Morphex [Cryp] | 2014.9-150130 |
| AVG | Win32/Cryptor | 2016.0.3214 |
| Bitdefender | Gen:Variant.Kazy.8043 | 1.0.20.150 |
| Comodo Security | Worm.Win32.Bflient.~V | 14767 |
| Dr.Web | Trojan.Packed.21305 | 9.0.1.030 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.8043 | 8.15.01.30.11 |
| ESET NOD32 | Win32/Bflient (variant) | 9.7852 |
| Fortinet FortiGate | W32/Kryptik.ANX!tr | 1/30/2015 |
| F-Prot | W32/Rimecud.O.gen | v6.4.6.5.141 |
| F-Secure | Trojan-Dropper:W32/Agent.DQKK | 11.2015-30-01_6 |
| G Data | Gen:Variant.Kazy.8043 | 15.1.22 |
| IKARUS anti.virus | Trojan.Win32.Rimecud | t3scan.1.1.122.0 |
| K7 AntiVirus | Trojan | 13.155.8058 |
| Kaspersky | P2P-Worm.Win32.Palevo | 14.0.0.2563 |
| Malwarebytes | Trojan.Agent | v2015.01.30.11 |
| McAfee | W32/Rimecud.gen.ay | 5600.6870 |
| Microsoft Security Essentials | Trojan:Win32/Rimecud.A | 1.163.1557.0 |
| Norman | W32/Suspicious_Gen2.HWVTC | 11.20150130 |
| Panda Antivirus | Trj/Rimecud.a | 15.01.30.11 |
| Quick Heal | Trojan.Rimecud.AA | 1.15.12.00 |
| Rising Antivirus | Trojan.Win32.Generic.127C2129 | 23.00.65.15128 |
| Sophos | Mal/Palevo-A | 4.84 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FakeAV[Kazy] | 10084 |
| Total Defense | Win32/Rimecud.P!generic | 37.0.10234 |
| Trend Micro House Call | WORM_PALEVO.SMGF | 7.2.30 |
| Trend Micro | WORM_PALEVO.SMGF | 10.465.30 |
| Vba32 AntiVirus | Malware-Cryptor.Inject.gen | 3.12.18.4 |
| VIPRE Antivirus | Trojan.Win32.Rimecud.e | 14802 |

File size:
146.5 KB (150,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\8157.exe

File PE Metadata
Compilation timestamp:
8/6/2007 7:09:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:UMDddQw37k1b6ASehhLzsvMae0+Om9DBr/UJFMX:DDH0w4zsUadFiK

Entry address:
0x104B

Entry point:
8B, FF, 55, 8B, EC, 83, EC, 3C, 56, 53, 3D, 94, 76, 0E, 75, 75, 1A, 1B, D3, 2B, C1, 88, 5D, FC, 68, 10, A0, 40, 00, 68, 9C, A0, 40, 00, E8, 73, 02, 00, 00, 83, 6D, F8, FF, 6A, 00, E8, 6E, 02, 00, 00, C7, 05, 0C, A0, 40, 00, BC, 02, 00, 00, C7, 45, F4, FF, FF, FF, FF, A9, 9C, F8, 7E, 39, 7C, 10, 81, 0D, 0C, A0, 40, 00, 40, A4, A4, 00, 13, 15, 00, A0, 40, 00, 33, C7, 88, 1D, 09, A0, 40, 00, 11, 75, F8, 66, C7, 05, 34, A0, 40, 00, C0, 0E, 66, 0B, 4D, F4, 80, 15, 0A, A0, 40, 00, 90, 89, 4D, F0, E8, 25, 02, 00...
 

Entropy:
5.9622

Code size:
1024 Bytes (1,024 bytes)
