biodredprov.exe

The executable biodredprov.exe has been detected as malware by 9 of 68 anti-virus scanners. It runs as a Windows service in its own process (service type Win32OwnProcess) under the display name "KSecPkg Winsock-IFS-Treiber COM+-Systemanwendung"; the display name strings together the German names of legitimate Windows components, while the registered service name is HOSUNAME.
Remove biodredprov.exe - Powered by Reason Core Security
MD5:
e0b012fa2ae681f469f2fab135ac110a

SHA-1:
b545ce31ba66c26bf21d5970a3ead04f3afcc195

SHA-256:
7ef148318246eb4a2af18eb9e66dd13b3d495c30f518083c1a214888353ee51c

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
12/11/2016 5:17:49 AM UTC

Scan engine          Detection                      Engine version
Agnitum Outpost      Trojan.Agent                   7.1.1
Antiy Labs AVL       Trojan/Win32.TSGeneric         0.1.0.1
avast!               Win32:Downloader-VHK [Trj]     140608-0
AVG                  Trojan horse Agent4.BVVY       2014.0.3955
ESET NOD32           Win64/Agent.BR trojan          7.0.302.0
Fortinet FortiGate   W64/Agent.BR!tr                6/10/2014
Reason Heuristics    Threat.Win.Reputation.IMP      14.6.10.13
SUPERAntiSpyware     Trojan.Agent/Gen-Artemis       10552
VIPRE Antivirus      Trojan.Win32.Generic           28994

File size:
116.5 KB (119,296 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Windows\System32\biodredprov.exe

File PE Metadata
Compilation timestamp:
5/13/2014 3:20:44 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:om9JmCx25PB5GDdlirKoUl6zBgZLdE0cwfgm8Z4ZTr3Lwu:om9wa25PB5GDdliWoUMzBg1cG8Z45Lf

Entry address:
0x11F20

Entry point:
48, 83, EC, 28, E8, 0F, 34, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, 48, 85, C9, 74, 37, 53, 48, 83, EC, 20, 4C, 8B, C1, 48, 8B, 0D, 60, B5, 00, 00, 33, D2, FF, 15, F8, F2, FE, FF, 85, C0, 75, 17, E8, 6F, 01, 00, 00, 48, 8B, D8, FF, 15, 0E, F2, FE, FF, 8B, C8, E8, 17, 01, 00, 00, 89, 03, 48, 83, C4, 20, 5B, C3, CC, CC, CC, 48, 8D, 05, DD, FB, FE, FF, 48, 89, 01, E9, 79, 35, 00, 00, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8D, 05, C3, FB, FE, FF, 8B, DA, 48, 8B, F9, 48, 89, 01, E8, 5A, 35...

Code size:
106 KB (108,544 bytes)
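As an added example (not part of the listing, and not Reason Core Security's code), the following Python shows where the PE metadata fields reported above come from: it reads the compile timestamp, OS version, bitness, subsystem, linker version, entry point RVA and code size directly from the raw IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER, then compares them with the values reported for biodredprov.exe. The sample bytes are a constructed minimal PE32+ header carrying those values, not the real binary; the listing gives no timezone for the compile timestamp, so UTC is assumed.

```python
"""Parse the PE header fields a malware listing reports (compile timestamp,
OS version, bitness, subsystem, linker version, entry point, code size)
from raw bytes, using only the standard library."""
import calendar
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows Console"}

# Values the listing above reports for biodredprov.exe.
REPORTED = {
    "compile_time": "2014-05-13 15:20:44 UTC",  # assumption: listing time is UTC
    "os_version": "5.2",
    "bitness": "Win64",
    "subsystem": "Windows Console",
    "linker_version": "9.0",
    "entry_address": 0x11F20,
    "code_size": 108544,
}


def parse_pe_header(data: bytes) -> dict:
    """Return the reported header fields as a dict; raise ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24  # optional header follows the 20-byte file header
    if len(data) < opt + 72:
        raise ValueError("truncated optional header")
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _nsect, timestamp, _symtab, _nsyms, _optsize, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    # Optional header: Magic, MajorLinkerVersion, MinorLinkerVersion, SizeOfCode
    magic, linker_major, linker_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    # Offsets 16, 40 and 68 are the same in PE32 and PE32+ optional headers.
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    if magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        bitness = "Win64"
    elif magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        bitness = "Win32"
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # TimeDateStamp is seconds since the Unix epoch; it is writable by the
    # author, so treat it as a weak indicator, not ground truth.
    compile_time = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": machine,
        "compile_time": compile_time.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": bitness,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_address": entry_rva,
        "code_size": size_of_code,
    }


def metadata_mismatches(meta: dict) -> list:
    """Names of reported fields whose parsed value differs (empty list = all match)."""
    return [k for k, v in REPORTED.items() if meta.get(k) != v]


def build_sample_pe64() -> bytes:
    """Constructed minimal PE32+ header carrying the listing's reported values.
    Synthetic test input only; it is not the biodredprov.exe binary."""
    e_lfanew = 0x40
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    timestamp = calendar.timegm((2014, 5, 13, 15, 20, 44, 0, 0, 0))  # 1399994444
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 1, timestamp, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)  # PE32+ optional header is 240 bytes
    struct.pack_into("<HBBI", opt, 0, IMAGE_NT_OPTIONAL_HDR64_MAGIC, 9, 0, 108544)
    struct.pack_into("<I", opt, 16, 0x11F20)   # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 2)     # Major/MinorOperatingSystemVersion
    struct.pack_into("<H", opt, 68, 3)         # IMAGE_SUBSYSTEM_WINDOWS_CUI
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    meta = parse_pe_header(build_sample_pe64())
    for key, value in meta.items():
        print(f"{key}: {value}")
    print("mismatches:", metadata_mismatches(meta))
```

To triage a real sample, pass `open(path, "rb").read()` to `parse_pe_header` and feed the result to `metadata_mismatches`; an empty list means the header fields agree with the listing, which is a useful quick check alongside (not instead of) the MD5/SHA-1/SHA-256 comparison, since the timestamp and version fields are trivially forged.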

Service
Display name:
KSecPkg Winsock-IFS-Treiber COM+-Systemanwendung

Service name:
HOSUNAME

Type:
Win32OwnProcess
