a790306755a7fd6e4160a803de549bd7_0.npb

winlogon

The file a790306755a7fd6e4160a803de549bd7_0.npb has been detected as malware by 38 anti-virus scanners. It is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.
Product:
winlogon

Description:
File Folder

Version:
1.00

MD5:
a790306755a7fd6e4160a803de549bd7

SHA-1:
9ab48ce96c5d880a813e11cc5d1e52ce59c76fc3

SHA-256:
d2a21cd56bc855e548f7708addb2e579fec3f9f36bc96795fce1ebf0dd487788

Scanner detections:
38 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 6:22:45 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 6435775 |
| Agnitum Outpost | Win32.Sality.BL | 7.1.1 |
| AhnLab V3 Security | HEUR/Fakon.mwf | 2015.01.25 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:SaliCode | 150101-1 |
| AVG | Win32/Sality | 2014.0.4253 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15125 |
| Bitdefender | Win32.Sality.3 | 1.0.20.125 |
| Bkav FE | W32.Sality.PE | 1.3.0.6379 |
| Comodo Security | Virus.Win32.Sality.Gen | 20835 |
| Dr.Web | Trojan.Siggen1.48641 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 9.0.0.4799 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Agent.FDR!tr | 1/25/2015 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.13.68 |
| G Data | Win32.Sality | 15.1.24 |
| IKARUS anti.virus | Worm.Win32.VB | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.192.14746 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.543 |
| Malwarebytes | Trojan.LVBP.WL | v2015.01.25.01 |
| McAfee | Trojan.Generic.dx!B892500830FE | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.3191.0 |
| MicroWorld eScan | Win32.Sality.3 | 16.0.0.75 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.0.64812 |
| Norman | Win32.Sality.3 | 03.12.2014 13:20:04 |
| nProtect | Virus/W32.Sality.D | 15.01.23.01 |
| Panda Antivirus | W32/Sality.AA | 15.01.25.01 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | W32.Sality.U | 1.15.14.00 |
| Rising Antivirus | PE:Worm.VobfusEx!1.99DF | 23.00.65.15123 |
| Sophos | Virus 'Mal/Sality-D' | 5.09 |
| Total Defense | Win32/Sality.AA | 37.0.11402 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.25 |
| Trend Micro | PE_SALITY.RL | 10.465.25 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.3 |
| VIPRE Antivirus | Threat.4721115 | 36694 |
| ViRobot | Win32.Sality.N[h] | 2014.3.20.0 |

File size:
336 KB (344,064 bytes)

Product version:
1.00

Original file name:
new 2.0.exe

Language:
English (United States)

Common path:
C:\ProgramData\application data\net protector\npbkpn\a790306755a7fd6e4160a803de549bd7_0.npb

File PE Metadata
Compilation timestamp:
5/30/2005 6:49:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:2k+L7r1Tszc5fZKXXL79DfQfgOD06u76vEqHBs0iBLX3Nwfzq6c667wTJ:2zBuc5fZoBpO47QEshSH/6D6Q

Entry address:
0x17B8

Entry point:
3C, 52, 0F, AF, ED, C7, C6, 6A, BA, 2E, F7, 74, 04, 87, CA, FE, C0, 8A, CA, 38, E9, 02, FE, 81, DE, 47, BF, 63, 29, 21, FD, 81, FF, F5, FE, 00, 00, 70, 02, 86, FB, F6, C2, 13, E8, 24, 00, 00, 00, 25, D1, 33, BB, 99, 84, C1, 0F, BF, CA, 69, C2, 3B, 8F, BD, 9E, 00, C0, 81, EB, B9, 5C, 00, 00, C7, C1, 94, AB, B2, 9B, 81, C3, 9F, 00, 00, 00, C7, C2, 4B, BE, 30, 8F, 81, D2, DA, 24, 50, F0, F7, C2, 28, 0B, FB, 51, 03, D6, 8D, 1D, 82, F8, 3F, C5, 81, F9, 22, 63, 00, 00, 6B, F6, 00, 8D, 3D, 83, A4, 16, 2A, 89, C7...
 

Entropy:
5.4303

Code size:
108 KB (110,592 bytes)
