a122396b4da7d21d2e486212b6b70bd0.pe

Microsoft MSN Communications System

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The file a122396b4da7d21d2e486212b6b70bd0.pe, “MSN Uninstall Progman”, has been detected as malware by 40 anti-virus scanners.

Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft(R) MSN (R) Communications System

Description:
MSN Uninstall Progman

Version:
6.10.0016.1624

MD5:
a122396b4da7d21d2e486212b6b70bd0

SHA-1:
b2b70ff13cfcdad9994b81ba1198bf554bb1aa60

SHA-256:
4e797a472e7f77e4910525d2aefa46bb3ede8d8e776720657272c7c24c84d518

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
5/20/2024 11:16:38 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.VJadtre.3 | 658 |
| Agnitum Outpost | Win32.Wapomi.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Viking.DQ | 2015.04.16 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-150417 |
| AVG | Win32/Wapomi | 2016.0.3136 |
| Baidu Antivirus | Virus.Win32.Otwycal.$a | 4.0.3.15417 |
| Bitdefender | Win32.VJadtre.3 | 1.0.20.535 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Clam AntiVirus | W32.Virus.Wapomi | 0.98/21511 |
| Comodo Security | Virus.Win32.Wapomi.K | 21784 |
| Dr.Web | Win32.HLLP.Protil.1 | 9.0.1.0107 |
| Emsisoft Anti-Malware | Win32.VJadtre | 8.15.04.17.09 |
| ESET NOD32 | Win32/Wapomi.AA | 9.11482 |
| Fortinet FortiGate | W32/Agent.R!tr | 4/17/2015 |
| F-Prot | W32/Injector.A.gen | v6.4.7.1.166 |
| F-Secure | Win32.VJadtre.3 | 11.2015-17-04_6 |
| G Data | Win32.VJadtre | 15.4.25 |
| IKARUS anti.virus | Virus.Win32.Otwycal | t3scan.1.8.9.0 |
| K7 AntiVirus | Virus | 13.202.15609 |
| Kaspersky | Virus.Win32.Otwycal | 14.0.0.2176 |
| Malwarebytes | Trojan.FakeMS.Gen | v2015.04.17.09 |
| McAfee | W32/Simfect | 5600.6792 |
| Microsoft Security Essentials | Exploit:Win32/ShellCode.gen!B | 1.1.11502.0 |
| MicroWorld eScan | Win32.VJadtre.3 | 16.0.0.321 |
| NANO AntiVirus | Virus.Win32.Otwycal.bopofk | 0.30.16.1110 |
| Norman | Kryptik.CDHN | 11.20150417 |
| nProtect | Win32.VJadtre.3 | 15.04.15.01 |
| Panda Antivirus | Generic Suspicious | 15.04.17.09 |
| Qihoo 360 Security | Malware.Radar02.Gen | 1.0.0.1015 |
| Quick Heal | W32.Qvod.F | 4.15.14.00 |
| Rising Antivirus | PE:Worm.Win32.ShellCode.d!1595207 | 23.00.65.15415 |
| Sophos | W32/Patched-AG | 4.98 |
| Total Defense | Win32/Wapomi.CD | 37.0.11551 |
| Trend Micro House Call | PE_WAPOMI.SM | 7.2.107 |
| Trend Micro | PE_WAPOMI.SM | 10.465.17 |
| Vba32 AntiVirus | Virus.Otwycal.a | 3.12.26.3 |
| VIPRE Antivirus | Virus.Win32.Otwycal.ab | 39388 |
| ViRobot | Win32.Otwycal.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Otwycal.Win32.1 | 2.0.0.2141 |

File size:
116 KB (118,784 bytes)

Product version:
6.10.0016.1624

Copyright:
Copyright (C) Microsoft Corp. 1981-2000

Original file name:
MSNUNIN.EXE

Language:
English (United States)

Common path:
C:\users\{user}\downloads\virussignlist_free_150411\a122396b4da7d21d2e486212b6b70bd0.pe

File PE Metadata
Compilation timestamp:
7/19/2001 12:29:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.20

CTPH (ssdeep):
3072:Q3vO/R1ee/0a1BGp0nCFcjV7MV66f3jm3:ivUb8a1/nNhM3K

Entry address:
0x8000

Entry point:
55, 8B, EC, 81, EC, 84, 00, 00, 00, 83, 65, EC, 00, 83, 65, B0, 00, 83, 65, E0, 00, 83, 65, F0, 00, 83, 65, FC, 00, E8, 00, 00, 00, 00, 58, 05, 90, 02, 00, 00, 89, 45, E8, 64, A1, 30, 00, 00, 00, 89, 45, D8, C7, 45, C4, 43, 3A, 5C, 32, C7, 45, C8, 62, 36, 65, 37, C7, 45, CC, 32, 61, 32, 2E, C7, 45, D0, 65, 78, 65, 00, 8B, 45, D8, 8B, 40, 0C, 8B, 40, 1C, 8B, 00, 89, 45, E4, 8B, 45, E4, 8B, 40, 08, 89, 45, F4, 8B, 45, E8, C7, 00, 83, C4, 04, E9, 8B, 45, E8, C7, 40, 04, 96, 97, FF, FF, 8B, 45, F4, 8B, 40, 3C...

Entropy:
7.0049

Developed / compiled with:
Microsoft Visual C++

Code size:
100 KB (102,400 bytes)
