» {9054eed1-2d8f-4468-b1e4-e520098447ea}
Overview
Analysis
File Details

{9054eed1-2d8f-4468-b1e4-e520098447ea}

NoVirusThanks Company Srl

File name:

Publisher:

NoVirusThanks Company Srl (signed and verified)

MD5:

84ed2b14986e1a45064b18288d28b0af

SHA-1:

8061b79eb17c1e7fedaafa712dabe81b2fb89e2c

SHA-256:

ad4744b5e63f6d1f44cf8f0fd841ec1748ec04f249efdbd3bebc71fdf9697e46

Scanner detections:

5 / 68

Status:

Inconclusive (probably just false positive detections)

Analysis date:

4/26/2024 11:07:30 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

AhnLab V3 Security

Backdoor/Win32.Hupigon

2015.05.06

Comodo Security

Heur.Packed.Unknown

22008

IKARUS anti.virus

Trojan.Win32.Spy

t3scan.1.8.9.0

NANO AntiVirus

Trojan.Win32.Ruftar.cuayqt

0.30.24.1357

Trend Micro House Call

Suspicious_GEN.F47V0331

7.2.251

File size:

34.3 KB (35,152 bytes)

Digital Signature

Signed by:

NoVirusThanks Company Srl

Authority:

GlobalSign nv-sa

Valid from:

3/10/2014 4:07:46 PM

Valid to:

4/24/2015 5:31:15 PM

Subject:

E=support@novirusthanks.org, CN=NoVirusThanks Company Srl, O=NoVirusThanks Company Srl, L=Castiglione Del Lago, S=Perugia, C=IT

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121DCF3B9B62F534CB895AB6644359C84B9

File PE Metadata

Compilation timestamp:

3/28/2015 8:12:07 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

2.25

CTPH (ssdeep):

384:bBeVQhUPaxP2RN2Ihh9k1W2BAwdJPR4uq52X0eENmOd/fOIx+H0Oln3IKJ7ZE508:1iE7t2RJ7wJ5/0eEFhqU3QKj

Entry address:

0x60CC

Entry point:

55, 8B, EC, 83, C4, F0, A1, 1C, 78, 40, 00, C6, 00, 01, B8, 88, 42, 40, 00, E8, 08, DB, FF, FF, 68, F4, 60, 40, 00, E8, 32, E1, FF, FF, E8, 5D, D5, FF, FF, 00, 59, 41, 52, 41, 2D, 54, 45, 53, 54, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.1095

Developed / compiled with:

Microsoft Visual C++

Code size:

18.5 KB (18,944 bytes)

Scan {9054eed1-2d8f-4468-b1e4-e520098447ea} - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.