aa1d.exe

Cppcheck Portable

PortableApps.com

The executable aa1d.exe, “Cppcheck Portable (PortableApps.com Launcher)”, has been detected as malware by 36 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from 54.69.90.62.
Publisher:
PortableApps.com

Product:
Cppcheck Portable

Description:
Cppcheck Portable (PortableApps.com Launcher)

Version:
2.2.0.0

MD5:
5d3d47c78f6ff498ece970d7d03f405c

SHA-1:
cc4489c639d7aeca9e08e4379024259ca0150bdd

SHA-256:
e1c4e526ec6cdc9cc0c4bb0177d89032a4de4e818f4624c4baf4c04acabf452b

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/16/2024 12:04:31 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1946189 | 799 |
| Agnitum Outpost | Trojan.Injector | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.MDA | 2014.11.24 |
| Avira AntiVirus | TR/Crypt.Xpack.106132 | 7.11.188.94 |
| avast! | Win32:Kryptik-ONP [Trj] | 2014.9-141128 |
| AVG | Inject2 | 2015.0.3277 |
| Baidu Antivirus | Trojan.Win32.Yakes | 4.0.3.141128 |
| Bitdefender | Trojan.GenericKD.1946189 | 1.0.20.1660 |
| Bkav FE | W32.PammasJ.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 20178 |
| Dr.Web | BackDoor.IRC.NgrBot.42 | 9.0.1.0332 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1946189 | 8.14.11.28.12 |
| ESET NOD32 | Win32/Injector.BOGA (variant) | 8.10770 |
| Fortinet FortiGate | W32/BOGA!tr | 11/28/2014 |
| F-Prot | W32/A-162448a3 | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.1946189 | 11.2014-28-11_6 |
| G Data | Trojan.GenericKD.1946189 | 14.11.24 |
| IKARUS anti.virus | Evilware.Outbreak | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.185.14113 |
| Kaspersky | Trojan.Win32.Yakes | 14.0.0.2880 |
| Malwarebytes | Trojan.Agent | v2014.11.28.12 |
| McAfee | RDN/Generic.dx!dg3 | 5600.6933 |
| Microsoft Security Essentials | Trojan:Win32/Neurevt.C | 1.11202 |
| MicroWorld eScan | Trojan.GenericKD.1946189 | 15.0.0.996 |
| NANO AntiVirus | Trojan.Win32.NgrBot.dhhrwe | 0.28.6.63474 |
| Norman | Suspicious_Gen4.HERGF | 11.20141128 |
| nProtect | Trojan.GenericKD.1946189 | 14.11.21.01 |
| Panda Antivirus | Trj/Dtcontx.M | 14.11.28.12 |
| Quick Heal | TrojanRansom.Crowti.A4 | 11.14.14.00 |
| Sophos | Mal/Wonton-T | 4.98 |
| Total Defense | Win32/Tnega.RAdNQLB | 37.0.11295 |
| Trend Micro House Call | TROJ_SPNR.11KB14 | 7.2.332 |
| Trend Micro | TROJ_SPNR.11KB14 | 10.465.28 |
| Vba32 AntiVirus | Trojan.Yakes | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35082 |
| Zillya! Antivirus | Trojan.Yakes.Win32.25869 | 2.0.0.1991 |

File size:
316.5 KB (324,096 bytes)

Product version:
2.2.0.0

Copyright:
PortableApps.com

Trademarks:
PortableApps.com is a Trademark of Rare Ideas, LLC.

Original file name:
CppcheckPortable.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\aa1d.exe

File PE Metadata
Compilation timestamp:
10/27/2014 1:34:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:A7VCNkO6UXnbxZMVVoI8Gxg+eUVWRrPvHZfQxFAHKh:ZXnT3IBoUVW9uxKqh

Entry address:
0x7424

Entry point:
E8, 03, 17, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, EC, 41, 00, 89, 0D, D4, EC, 41, 00, 89, 15, D0, EC, 41, 00, 89, 1D, CC, EC, 41, 00, 89, 35, C8, EC, 41, 00, 89, 3D, C4, EC, 41, 00, 66, 8C, 15, F0, EC, 41, 00, 66, 8C, 0D, E4, EC, 41, 00, 66, 8C, 1D, C0, EC, 41, 00, 66, 8C, 05, BC, EC, 41, 00, 66, 8C, 25, B8, EC, 41, 00, 66, 8C, 2D, B4, EC, 41, 00, 9C, 8F, 05, E8, EC, 41, 00, 8B, 45, 00, A3, DC, EC, 41, 00, 8B, 45, 04, A3, E0, EC, 41, 00, 8D, 45, 08, A3, EC, EC, 41...
 

Code size:
49.5 KB (50,688 bytes)

The file aa1d.exe has been seen being distributed by the following URL.

http://54.69.90.62/bet40a5.exe
