c1b4bb67b0cdeae316f95c406ae59354_[servioes.exe].sos

The file c1b4bb67b0cdeae316f95c406ae59354_[servioes.exe].sos has been detected as malware by 33 anti-virus scanners.
MD5:
c1b4bb67b0cdeae316f95c406ae59354

SHA-1:
2c52d782a932a0f63f1e67aeb031f5fa63340de5

SHA-256:
a5bb566d013643deb6a7d46c4653978c9844a7d79958175f4e42ac606a0e8f1c

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/26/2024 11:52:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Backdoor.Generic.135184 | 680 |
| Agnitum Outpost | Packed/NSPack | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Xema.variant | 2015.03.14 |
| Avira AntiVirus | TR/Agent.194048.B | 7.11.217.14 |
| avast! | Win32:Spyware-gen [Spy] | 2014.9-150327 |
| AVG | Generic30 | 2016.0.3158 |
| Baidu Antivirus | Trojan.Win32.Delf | 4.0.3.15327 |
| Bitdefender | Backdoor.Generic.135184 | 1.0.20.430 |
| Bkav FE | W32.HfsAutoB | 1.3.0.6379 |
| Comodo Security | Backdoor.Win32.Popwin.~IQ | 21398 |
| Dr.Web | BackDoor.Certificado.16 | 9.0.1.086 |
| Emsisoft Anti-Malware | Backdoor.Generic.135184 | 8.15.03.27.08 |
| ESET NOD32 | Win32/TrojanProxy.Delf.NAS | 9.11316 |
| Fortinet FortiGate | W32/Malware_fam.NB | 3/27/2015 |
| F-Prot | W32/Heuristic-210 | v6.4.7.1.166 |
| F-Secure | Backdoor.Generic.135184 | 11.2015-27-03_6 |
| G Data | Backdoor.Generic.135184 | 15.3.25 |
| IKARUS anti.virus | Trojan-GameThief.Win32.OnLineGames | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.200.15259 |
| Kaspersky | Trojan.Win32.Genome | 14.0.0.2283 |
| McAfee | Artemis!C1B4BB67B0CD | 5600.6814 |
| MicroWorld eScan | Backdoor.Generic.135184 | 16.0.0.258 |
| NANO AntiVirus | Trojan.Win32.Delf.cqjmc | 0.30.0.296 |
| Norman | Banker.FMPD | 11.20150327 |
| nProtect | Backdoor.Generic.135184 | 15.03.13.01 |
| Panda Antivirus | Generic Malware | 15.03.27.08 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Sophos | Mal/Packer | 4.98 |
| Trend Micro House Call | Mal_MLWR-24 | 7.2.86 |
| Trend Micro | Mal_MLWR-24 | 10.465.27 |
| Vba32 AntiVirus | TrojanDownloader.Delf | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38396 |
| Zillya! Antivirus | Virus.Hupigon.Win32.5 | 2.0.0.2097 |

File size:
189.5 KB (194,048 bytes)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\suspect\c1b4bb67b0cdeae316f95c406ae59354_[servioes.exe].sos

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:HsPexb7oc6D7SakIfxu25PRsSd/DnBAgVDhX1wDrbf3+2IQGF22+9m/59grZt:HsPuoNXTk4xu2h5AUXArbq1s2r/YD

Entry address:
0x88148

Entry point:
9C, 60, E8, 00, 00, 00, 00, 5D, B8, 07, 00, 00, 00, 2B, E8, 8D, B5, 30, FC, FF, FF, 8A, 06, 3C, 00, 74, 12, 8B, F5, 8D, B5, 58, FC, FF, FF, 8A, 06, 3C, 01, 0F, 84, 42, 02, 00, 00, C6, 06, 01, 8B, D5, 2B, 95, EC, FB, FF, FF, 89, 95, EC, FB, FF, FF, 01, 95, 1C, FC, FF, FF, 8D, B5, 60, FC, FF, FF, 01, 16, 60, 6A, 40, 68, 00, 10, 00, 00, 68, 00, 10, 00, 00, 6A, 00, FF, 95, 94, FC, FF, FF, 85, C0, 0F, 84, 6A, 03, 00, 00, 89, 85, 14, FC, FF, FF, E8, 00, 00, 00, 00, 5B, B9, 68, 03, 00, 00, 03, D9, 50, 53, E8, B1...
 
Entropy:
7.9712

Packer / compiler:
nSpack V2.x

Code size:
188 KB (192,512 bytes)