home

Anti-virus-2014.exe

Anti-Malware

EksjöDataFixarn

This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Anti-Malware’. The file has been seen being downloaded from roadpoint.se.
Publisher:
EksjöDataFixarn

Product:
Anti-Malware

Description:
EksjöDataFixarn Anti-Malware 2014

Version:
1.0.0.51

MD5:
caf51439f27fc8f85f2e93d5cb6e7a64

SHA-1:
1ae17e1de062fb70fa47ce53c8d05491e6d50858

SHA-256:
fb59eff19799d5164d093150f671fe10847ed799025887bc769fedd152daba54

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 10:34:47 AM UTC  (today)

File size:
2.3 MB (2,368,512 bytes)

Product version:
1.0.0.51

Copyright:
Copyright © EksjöDataFixarn 2014

Trademarks:
EksjöDataFixarn

Original file name:
Anti-virus-2014.exe

File type:
Executable application (Win32 EXE)

Language:
Swedish (Sweden)

File PE Metadata
Compilation timestamp:
7/15/2014 5:28:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:2VohJ4fRGJWMmCkd+QljbEff41gLw1/LCRGJWMmCkd+QljbEff41gLw1/LMhJ4zn:0w7L

Entry address:
0x2076AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2 MB (2,119,680 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Anti-Malware

Command:
C:\eksjödatafixarn anti-malware-2014\anti-virus-2014.exe


The file Anti-virus-2014.exe has been seen being distributed by the following URL.

http://roadpoint.se/.../Anti-virus-2014.exe

Scan Anti-virus-2014.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.