astropop.exe

Zylom Games

The executable astropop.exe has been detected as malware by 28 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Product:
Zylom Games

Description:
Zylom Games

Version:
1, 0, 0, 1

MD5:
8926ba4db63073132738e831e72d6576

SHA-1:
28e3d282cc0f9a95db629823501722458a97a5ff

SHA-256:
558fcdf4af9c9bde238e89c3507da575912687e1479d94cdbfeb157f711d5051

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/25/2024 1:20:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Backdoor.Generic.724562 | -40 |
| Agnitum Outpost | Packed/PeSpin | 7.1.1 |
| Avira AntiVirus | TR/Spy.152310 | 8.3.2.2 |
| Arcabit | Backdoor.Generic.DB0E52 | 1.0.0.425 |
| AVG | Downloader.Agent2 | 2018.0.2438 |
| Baidu Antivirus | Worm.Win32.Bybz | 4.0.3.17316 |
| Bitdefender | Backdoor.Generic.724562 | 1.0.20.375 |
| Clam AntiVirus | Trojan.Backdoor-11 | 0.98/21511 |
| Emsisoft Anti-Malware | Backdoor.Generic.724562 | 8.17.03.16.04 |
| ESET NOD32 | Generik.MHXFUYU (variant) | 11.12171 |
| Fortinet FortiGate | W32/Cryp_PESpin | 3/16/2017 |
| F-Prot | W32/Patched.R.gen | v6.4.7.1.166 |
| F-Secure | Backdoor.Generic.724562 | 11.2017-16-03_5 |
| G Data | Backdoor.Generic.724562 | 17.3.25 |
| IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.2017054 |
| Kaspersky | Worm.Win32.Bybz | 14.0.0.-1316 |
| McAfee | Generic.dx | 5600.6094 |
| MicroWorld eScan | Backdoor.Generic.724562 | 18.0.0.225 |
| NANO AntiVirus | Trojan.Win32.Agent2.ycccr | 0.30.24.3283 |
| nProtect | Backdoor.Generic.724562 | 15.08.28.01 |
| Panda Antivirus | Generic Malware | 17.03.16.04 |
| Qihoo 360 Security | Win32/Trojan.Spy.568 | 1.0.0.1015 |
| Quick Heal | (Suspicious) - DNAScan | 3.17.14.00 |
| Sophos | Mal/Packer | 4.98 |
| Trend Micro House Call | Cryp_PESpin | 7.2.75 |
| Trend Micro | Cryp_PESpin | 10.465.16 |
| VIPRE Antivirus | Trojan.Win32.Packer.PESpinv1.32 | 43298 |

File size:
148.7 KB (152,310 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2004

Original file name:
Zylom Games

File type:
Executable application (Win32 EXE)

Language:
Dutch (Netherlands)

Common path:
C:\Program Files\astropop deluxe\astropop.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Entry address:
0x3E087

Entry point:
EB, 01, 68, 60, E8, 00, 00, 00, 00, 8B, 1C, 24, 83, C3, 12, 81, 2B, E8, B1, 06, 00, FE, 4B, FD, 82, 2C, 24, C8, DC, 46, 00, 0B, E4, 74, 9E, 75, 01, C7, 81, 73, 04, D7, 7A, F7, 2F, 81, 73, 19, 77, 00, 43, B7, F6, C3, 6B, B7, 00, 00, F9, FF, E3, C9, C2, 08, 00, A3, 68, 72, 01, FF, 5D, 33, C9, 41, E2, 17, EB, 07, EA, EB, 01, EB, EB, 0D, FF, E8, 01, 00, 00, 00, EA, 5A, 83, EA, 0B, FF, E2, EB, 04, 9A, EB, 04, 00, EB, FB, FF, 8B, 95, D2, 42, 40, 00, 8B, 42, 3C, 03, C2, 89, 85, DC, 42, 40, 00, EB, 02, 12, 77, F9...
 

Entropy:
7.7016

Packer / compiler:
PE Spin v0.4x

Code size:
164 KB (167,936 bytes)
