» {blocked}.exe
Overview
Analysis
File Details
Downloads (1)

{blocked}.exe

Project-OS.org

The executable {blocked}.exe has been detected as malware by 22 anti-virus scanners. The file has been seen being downloaded from fs02n3.sendspace.com.

File name:

{blocked}.exe

Publisher:

Project-OS.org

Version:

1.0.4972.35730

MD5:

cd78caca77d23e88f3dba08b7d68e551

SHA-1:

3dc83cb3d17c02730fc26ad729dde55ff7364496

SHA-256:

65c76b93542c7c334b509d3f393a56a8377669ec41809725f46243e24bb25540

Scanner detections:

22 / 68

Status:

Malware

Analysis date:

4/23/2024 2:49:10 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.311419

374

Agnitum Outpost

Trojan.Surveyer

7.1.1

Avira AntiVirus

TR/Kazy.311419

7.11.213.146

AVG

MSIL2

2017.0.2852

Baidu Antivirus

Trojan.MSIL.Surveyer

4.0.3.16126

Bitdefender

Gen:Variant.Kazy.311419

1.0.20.130

Comodo Security

UnclassifiedMalware

21299

Emsisoft Anti-Malware

Gen:Variant.Kazy.311419

8.16.01.26.12

ESET NOD32

MSIL/Surveyer (variant)

10.11272

Fortinet FortiGate

MSIL/Surveyer.L!tr

1/26/2016

F-Prot

W32/S-a9543211

v6.4.7.1.166

F-Secure

Gen:Variant.Kazy.311419

11.2016-26-01_3

G Data

Gen:Variant.Kazy.311419

16.1.25

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.8.6.0

McAfee

Artemis!CD78CACA77D2

5600.6508

MicroWorld eScan

Gen:Variant.Kazy.311419

17.0.0.78

NANO AntiVirus

Trojan.Win32.Kazy.dfvgyr

0.30.0.296

Norman

Troj_Generic.SUQOQ

11.20160126

Panda Antivirus

Trj/Dtcontx.L

16.01.26.12

Qihoo 360 Security

Win32/Trojan.2e4

1.0.0.1015

Sophos

Mal/Generic-S

4.98

VIPRE Antivirus

Trojan.Win32.Generic

38138

File size:

2.2 MB (2,269,184 bytes)

Product version:

1.0.4972.35730

Original file name:

Blackshot Hack v.1.8.6.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\blackshot hack v.1.8.6.exe

File PE Metadata

Compilation timestamp:

8/13/2013 7:19:16 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:FLYmV79B4zZXoaXCaoudBzLn0HILWXRUo1wgAcTEoudqs:KmV79CdBBVz2ibus

Entry address:

0x2291EE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 84, 5C, 0A, 52, 00, 00, 00, 00, 02, 00, 00, 00, 81, 00, 00, 00, 1C, A0, 22, 00, 1C, 76, 22, 00, 52, 53, 44, 53, 39, A4, 82, BA, E8, 55, EC, 48, A6, 9B, D0, 29, 71, 04, AE, 17, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 45, 58, 41, 4D, 50, 4C, 45, 5C, 44, 6F, 63, 75, 6D, 65, 6E, 74, 73, 5C, 56, 69, 73, 75, 61, 6C, 20, 53, 74, 75, 64, 69, 6F, 20, 32, 30, 30, 38, 5C, 50, 72, 6F, 6A, 65, 63, 74, 5C, 43, 42, 41, 53... 
[+]

Entropy:

6.9845

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

2.2 MB (2,257,408 bytes)

The file {blocked}.exe has been seen being distributed by the following URL.

https://fs02n3.sendspace.com/dl/d3a4441c00826e13616ffc85d58cac45/56c83d7e3ebe346d/.../Blackshot Hack v.1.8.6.exe

Remove {blocked}.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.