aab6fc2ef981206d2744090ae2e0b922

UPX

The UPX Team http://upx.sf.net

The file aab6fc2ef981206d2744090ae2e0b922, “UPX executable packer” has been detected as malware by 16 anti-virus scanners.
Publisher:
The UPX Team http://upx.sf.net

Product:
UPX

Description:
UPX executable packer

Version:
3.07 (2010-09-08)

MD5:
aab6fc2ef981206d2744090ae2e0b922

SHA-1:
b125aeefedfda09a77d8f7858876bd61ac433626

SHA-256:
11b3401a41a896ec79c72b471cae597646511a9f9d4e9540c55dc17f7f46c10d

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/25/2024 7:46:31 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.164392 | 804 |
| AhnLab V3 Security | Trojan/Win32.Scar | 2014.11.20 |
| AVG | Crypt3 | 2015.0.3282 |
| Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.141123 |
| Bitdefender | Gen:Variant.Graftor.164392 | 1.0.20.1635 |
| Dr.Web | Win32.HLLW.Phorpiex.54 | 9.0.1.0327 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.164392 | 8.14.11.23.09 |
| ESET NOD32 | Win32/Kryptik.CQOT (variant) | 8.10748 |
| F-Prot | W32/Backdoor2.HWLR | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Graftor.164392 | 11.2014-23-11_1 |
| G Data | Gen:Variant.Graftor.164392 | 14.11.24 |
| Malwarebytes | Trojan.Spy.Zbot | v2014.11.23.09 |
| McAfee | Artemis!AAB6FC2EF981 | 5600.6938 |
| MicroWorld eScan | Gen:Variant.Graftor.164392 | 15.0.0.981 |
| Qihoo 360 Security | HEUR/QVM05.1.Malware.Gen | 1.0.0.1015 |
| Trend Micro House Call | TROJ_GEN.R047H09KJ14 | 7.2.327 |

File size:
616.5 KB (631,296 bytes)

Product version:
3.07 (2010-09-08)

Copyright:
© 1996-2010 Markus F.X.J. Oberhumer

Original file name:
upx.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\91\aab6fc2ef981206d2744090ae2e0b922

File PE Metadata
Compilation timestamp:
6/19/1992 2:57:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:CmBga/BS4poGfjwwoty4xn0dFQinKETs1o5oOiSaP/TcoFwo+QgBO/KJvciKRoRr:Nga84pBUDICHKbTiS2cot4VK2R5MI5J

Entry address:
0x6F0BC

Entry point:
55, 8B, EC, 83, C4, F0, B8, DC, EE, 46, 00, E8, 28, 75, F9, FF, A1, 54, 4C, 47, 00, 8B, 00, E8, B8, 62, FE, FF, 8B, 0D, 3C, 4D, 47, 00, A1, 54, 4C, 47, 00, 8B, 00, 8B, 15, 34, EA, 46, 00, E8, B8, 62, FE, FF, A1, 54, 4C, 47, 00, 8B, 00, E8, 2C, 63, FE, FF, E8, 97, 50, F9, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5109

Developed / compiled with:
Microsoft Visual C++

Code size:
440.5 KB (451,072 bytes)
