almtd.exe

System

ALMOATMAD SOFT

The executable almtd.exe has been detected as malware by 25 anti-virus scanners. It is configured to execute automatically when any user logs into Windows (through the local user Run registry setting), under the entry name ‘mtd’.

Publisher:
ALMOATMAD SOFT

Product:
System

Version:
1.00

MD5:
fe1261747b91726bd72f6c059ab2f1eb

SHA-1:
99771ed2527c9b52de8dcdfed6722551bef5476f

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/19/2024 3:26:39 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2591554 | 521
Agnitum Outpost | Trojan.Diztakun | 7.1.1
Avira AntiVirus | TR/Agent.1380352.112 | 8.3.1.6
Arcabit | Trojan.Generic.D278B42 | 1.0.0.425
avast! | Win32:Malware-gen | 2014.9-150901
Baidu Antivirus | Trojan.Win32.VB | 4.0.3.1591
Bitdefender | Trojan.GenericKD.2591554 | 1.0.20.1220
Dr.Web | Trojan.StartPage1.17543 | 9.0.1.0244
Emsisoft Anti-Malware | Trojan.GenericKD.2591554 | 8.15.09.01.03
ESET NOD32 | Win32/VB.RVF (variant) | 9.12055
Fortinet FortiGate | W32/Diztakun.RVF!tr | 9/1/2015
F-Secure | Trojan.GenericKD.2591554 | 11.2015-01-09_3
G Data | Trojan.GenericKD.2591554 | 15.9.25
IKARUS anti.virus | Trojan.Win32.VB | t3scan.1.9.5.0
K7 AntiVirus | P2PWorm | 13.207.16812
Kaspersky | Trojan.Win32.Diztakun | 14.0.0.1492
McAfee | Artemis!FE1261747B91 | 5600.6655
Microsoft Security Essentials | Trojan:Win32/Skeeyah.A!bit | 1.1.11903.0
MicroWorld eScan | Trojan.GenericKD.2591554 | 16.0.0.732
nProtect | Trojan.GenericKD.2591554 | 15.08.06.02
Panda Antivirus | Trj/CI.A | 15.09.01.03
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
Trend Micro | TROJ_GEN.R047C0DGS15 | 10.465.01
VIPRE Antivirus | Trojan.Win32.Generic | 42670

File size:
1.3 MB (1,380,352 bytes)

Product version:
1.00

Original file name:
almtd.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\almtd.exe

File PE Metadata
Compilation timestamp:
9/11/2013 12:50:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:g8QX0oy2sE6oCEim7CYpm5rg6bJ+QX0oy2sE6oCEim7CYpm5rg6bJ4ziTFmY3if6:gBJT5CEiSq5VJbJT5CEiSq5VJ4g

Entry address:
0x3D30

Entry point:
68, 94, 7A, 50, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 89, 21, 66, 62, 8F, A9, 05, 4B, 8F, 01, 62, E1, E0, 03, 14, ED, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 30, 32, 30, 34, 33, 30, 53, 79, 73, 74, 65, 6D, 00, 30, 00, 00, 00, 00, FF, CC, 31, 00, 50, 2D, 33, 9E, 6A, 53, 80, 22, 4E, B9, 75, 6E, 70, 6A, 45, 03, 5E, A9, 60, FB, 98, 73, B5, 37, 45, 8E, EF, C7, 45, 13, 81, 30, 8C, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Entropy:
7.3952

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
1.3 MB (1,368,064 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
mtd

Command:
C:\Windows\System32\almtd.exe


Remove almtd.exe - Powered by Reason Core Security