» avast_x64.exe
Overview
Analysis
File Details
Downloads (1)

avast_x64.exe

Apple Inc.

The executable avast_x64.exe, “Apple Inc. 9.1.2 Installation ” has been detected as malware by 23 anti-virus scanners. The file has been seen being downloaded from storage.googleapis.com.

File name:

avast_x64.exe

Publisher:

Apple Inc.

Description:

Apple Inc. 9.1.2 Installation

Version:

9.1.2

MD5:

08b145e3e05260bc537abd9a5d955ff0

SHA-1:

d2a7e9822c4d7b061dec00e4d1db11a6a868bef8

SHA-256:

eab00f6c91640274358c1ff6a75c0ecdcc5585dc64aadf2b3030ae3a3e34a0df

Scanner detections:

23 / 68

Status:

Malware

Analysis date:

4/26/2024 11:10:37 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2364132

387

AhnLab V3 Security

Trojan/Win32.Blocker

2015.05.12

avast!

Win32:Dropper-gen [Drp]

2014.9-160114

Bitdefender

Trojan.GenericKD.2364132

1.0.20.70

Emsisoft Anti-Malware

Trojan.GenericKD.2364132

8.16.01.14.06

Fortinet FortiGate

W32/DwnLdr.MLW!tr

1/14/2016

F-Secure

Trojan.GenericKD.2364132

11.2016-14-01_5

G Data

Trojan.GenericKD.2364132

16.1.25

IKARUS anti.virus

Trojan.Win32.Kilim

t3scan.1.8.9.0

K7 AntiVirus

Riskware

13.203.15866

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.819

Malwarebytes

Trojan.KBayi.FLA

v2016.01.14.06

McAfee

Artemis!08B145E3E052

5600.6521

Microsoft Security Essentials

Trojan:Win32/Kilim.U

1.1.11602.0

MicroWorld eScan

Trojan.GenericKD.2364132

17.0.0.42

Norman

Suspicious_Gen4.IIFKB

11.20160114

nProtect

Trojan.GenericKD.2364132

15.05.11.01

Panda Antivirus

Trj/CI.A

16.01.14.06

Qihoo 360 Security

HEUR/QVM08.0.Malware.Gen

1.0.0.1015

Sophos

Troj/DwnLdr-MLW

4.98

Trend Micro House Call

TROJ_GEN.R08NC0DEA15

7.2.14

Trend Micro

TROJ_GEN.R08NC0DEA15

10.465.14

VIPRE Antivirus

Trojan.Win32.Generic

40136

File size:

618.5 KB (633,392 bytes)

Apple Inc.

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\avast_x64.exe

File PE Metadata

Compilation timestamp:

9/25/2009 1:57:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

CTPH (ssdeep):

12288:pNIQAPGsAqY9IMVYd38sJdpQHaYlY8KfY6LzXigm8:ePGSY91VwNJc6eqYkzyf8

Entry address:

0x42B4F

Entry point:

6A, 60, 68, 88, 1A, 46, 00, E8, AD, 5C, 01, 00, BF, 94, 00, 00, 00, 8B, C7, E8, E9, 56, 01, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 14, A2, 45, 00, 8B, 4E, 10, 89, 0D, A4, B4, 46, 00, 8B, 46, 04, A3, B0, B4, 46, 00, 8B, 56, 08, 89, 15, B4, B4, 46, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, A8, B4, 46, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, A8, B4, 46, 00, C1, E0, 08, 03, C2, A3, AC, B4, 46, 00, 33, F6, 56, 8B, 3D, 5C, A2, 45, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03... 
[+]

Entropy:

7.1811

Developed / compiled with:

Microsoft Visual C++ v7.0

Code size:

354 KB (362,496 bytes)

The file avast_x64.exe has been seen being distributed by the following URL.

https://storage.googleapis.com/.../Avast_x64.exe

Remove avast_x64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.