alyacremovaltool.exe

The executable alyacremovaltool.exe has been detected as malware by 35 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from liveupdate.alyac.co.kr.
MD5:
d07a0b46cb072aea073990eea13edbcb

SHA-1:
554b6ec311344415636808bdfb917871610bf1c3

SHA-256:
271528ef13f96e7149202b402a8eaa62b10480e604c6c3519254e49e893347a9

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
4/25/2024 3:55:40 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Dropped:Trojan.GenericKD.2548109 | 464 |
| Agnitum Outpost | Trojan.Kazy | 7.1.1 |
| Avira AntiVirus | TR/Agent.1102336.14 | 8.3.1.6 |
| Arcabit | Trojan.Generic.D26E18D | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-151029 |
| AVG | Pakes2_c | 2016.0.2942 |
| Baidu Antivirus | Trojan.Win32.Reconyc | 4.0.3.151029 |
| Bitdefender | Dropped:Trojan.GenericKD.2548109 | 1.0.20.1510 |
| Bkav FE | W32.SvhcotsB.Trojan | 1.3.0.7062 |
| Clam AntiVirus | Trojan.Delf-2531 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.PSW.QQPass.~BFP | 23000 |
| Emsisoft Anti-Malware | Dropped:Trojan.GenericKD.2548109 | 8.15.10.29.09 |
| ESET NOD32 | Generik.HZRLAZH (variant) | 9.12088 |
| Fortinet FortiGate | W32/Reconyc.ENFL!tr | 10/29/2015 |
| F-Prot | New | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.2548109 | 11.2015-29-10_5 |
| G Data | Dropped:Trojan.GenericKD.2548109 | 15.10.25 |
| IKARUS anti.virus | Trojan.Win32.Reconyc | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.208.16879 |
| Kaspersky | Trojan.Win32.Reconyc | 14.0.0.1203 |
| McAfee | RDN/Generic Downloader.x!nx | 5600.6598 |
| Microsoft Security Essentials | Trojan:Win32/Skeeyah.A!bit | 1.1.11903.0 |
| MicroWorld eScan | Dropped:Trojan.GenericKD.2548109 | 16.0.0.906 |
| NANO AntiVirus | Trojan.Win32.Nilage.czlnwb | 0.30.24.3079 |
| nProtect | Dropped:Trojan.GenericKD.2548109 | 15.08.13.01 |
| Panda Antivirus | Trj/CI.A | 15.10.29.09 |
| Qihoo 360 Security | Win32/Trojan.fde | 1.0.0.1015 |
| Quick Heal | Trojan.Reconyc.r3 | 10.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.18E2D8EE!417519854 | 23.00.65.151027 |
| Sophos | Mal/Generic-S | 4.98 |
| Total Defense | Win32/Remex.ZAYY!suspicious | 37.1.62.1 |
| Trend Micro | TROJ_GEN.R0EBC0CGD15 | 10.465.29 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 42848 |
| ViRobot | Trojan.Win32.S.Agent.753960[h] | 2014.3.20.0 |

File size:
736.3 KB (753,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\alyacremovaltool.exe

File PE Metadata
Compilation timestamp:
8/19/2007 1:31:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
12288:fq9j8agp7mLPpKr6ulRKECPavesgRUVAWHAVka/0gx0w7vdszqjqUwwoiFiEtJyD:fmoizpKOIo8O2jda/0gaw7Zj1oiQ1OMd

Entry address:
0x22240

Entry point:
60, BE, 15, 80, 41, 00, 8D, BE, EB, 8F, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
 

Entropy:
7.9967

Packer / compiler:
UPX 2.90LZMA

Code size:
44 KB (45,056 bytes)

The file alyacremovaltool.exe has been seen being distributed by the following URL.
