Anonymous DoSer.exe

ZqcgGgrl

gtgTuQPr

The executable Anonymous DoSer.exe has been detected as malware by 20 anti-virus scanners. The file has been seen being downloaded from dc700.4shared.com.
Publisher:
gtgTuQPr

Product:
ZqcgGgrl

Description:
WlpskJYR

Version:
5.4.9.2

MD5:
c9b685417b79136910f29b122361b034

SHA-1:
2502357a0600318be6c80a88e68eb80138769c79

SHA-256:
5f37866b3fd9a0de5a74f74ec6257b214f3be2e4d62905aa5f747ddc03e8721e

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/26/2024 1:17:55 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.59646 | 862 |
| Avira AntiVirus | TR/Dropper.MSIL.Gen8 | 7.11.157.204 |
| avast! | Win32:Malware-gen | 2014.9-140926 |
| AVG | Dropper.Small | 2015.0.3340 |
| Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.14926 |
| Bitdefender | Gen:Variant.Kazy.59646 | 1.0.20.1345 |
| Comodo Security | TrojWare.MSIL.Kryptik.AZ | 18719 |
| Dr.Web | Trojan.DownLoader5.31868 | 9.0.1.0269 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.59646 | 8.14.09.26.04 |
| ESET NOD32 | MSIL/Kryptik.AZ (variant) | 8.10023 |
| Fortinet FortiGate | MSIL/Kryptik.EEA!tr | 9/26/2014 |
| F-Secure | Gen:Variant.Kazy.59646 | 11.2014-26-09_6 |
| G Data | Gen:Variant.Kazy.59646 | 14.9.24 |
| IKARUS anti.virus | Trojan-Dropper.Small | t3scan.1.6.1.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3194 |
| McAfee | RDN/Generic Dropper!tv | 5600.6996 |
| MicroWorld eScan | Gen:Variant.Kazy.59646 | 15.0.0.807 |
| Panda Antivirus | Generic Malware | 14.09.26.04 |
| Qihoo 360 Security | Win32/Trojan.b1f | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |

File size:
625.5 KB (640,512 bytes)

Product version:
5.4.9.2

Copyright:
EBYtSKHS

Trademarks:
jxTHQoiM

Original file name:
Anonymous DoSer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\anonymous doser.exe

File PE Metadata
Compilation timestamp:
12/4/2013 1:56:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:5byqVh2jpSsKfC1SYcRC8ab20cFdu5HmDLjcRjUsOChxrfBHL/:528up+fvYJwE5AyUs1hj/

Entry address:
0x7760E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.9862

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
470 KB (481,280 bytes)

The file Anonymous DoSer.exe has been seen being distributed by the following URL.
