home

c6ba3ca351803d531dbe3cd978039eb9.exe

ICQ LTD

The application c6ba3ca351803d531dbe3cd978039eb9.exe by ICQ has been detected as a potentially unwanted program by 34 anti-malware scanners.
Publisher:
ICQ LTD  (signed and verified)

MD5:
c6ba3ca351803d531dbe3cd978039eb9

SHA-1:
fdc4871664f1277d02a779965d8af02f54b6bd9f

SHA-256:
98045614085dc0a0629e94d239933630741060931f77bb7c52b674c444372c8a

Scanner detections:
34 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 12:01:12 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.563011
405

Agnitum Outpost
Trojan.Inject
7.1.1

AhnLab V3 Security
Trojan/Win32.MDA
2015.06.23

Avira AntiVirus
TR/Dropper.MSIL.126555
8.3.1.6

Arcabit
Trojan.Kazy.D89743
1.0.0.425

avast!
Win32:Malware-gen
2014.9-151227

AVG
MSIL7
2016.0.2883

Baidu Antivirus
Adware.Win32.Agent
4.0.3.151227

Bitdefender
Gen:Variant.Kazy.563011
1.0.20.1805

Comodo Security
UnclassifiedMalware
22542

Dr.Web
Trojan.AVKill.28644
9.0.1.0361

Emsisoft Anti-Malware
Trojan.MSIL.Inject
8.15.12.27.03

ESET NOD32
MSIL/Injector.IDJ (variant)
9.11825

Fortinet FortiGate
MSIL/Kryptik.BDZ!tr
12/27/2015

F-Secure
Gen:Variant.Kazy.563011
11.2015-27-12_1

G Data
Gen:Variant.Kazy.563011
15.12.25

IKARUS anti.virus
Trojan.MSIL.Injector
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.205.16319

Kaspersky
Trojan.MSIL.Inject
14.0.0.909

Malwarebytes
Backdoor.Bot
v2015.12.27.03

McAfee
RDN/Generic.dx!dj3
5600.6539

Microsoft Security Essentials
PWS:MSIL/Wealwedst.A
1.1.11701.0

MicroWorld eScan
Gen:Variant.Kazy.563011
16.0.0.1083

NANO AntiVirus
Trojan.Win32.Inject.dokliy
0.30.24.2086

Panda Antivirus
Trj/CI.A
15.12.27.03

Qihoo 360 Security
Win32/Trojan.bca
1.0.0.1015

Quick Heal
Trojan.MSI.r3
12.15.14.00

Sophos
Troj/MSIL-BTX
4.98

Trend Micro House Call
TROJ_FRS.BMA000C315
7.2.361

Trend Micro
TROJ_FRS.BMA000C315
10.465.27

Vba32 AntiVirus
Trojan.MSIL.Inject
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
41356

ViRobot
Trojan.Win32.S.Agent.163336.B[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Inject.Win32.159220
2.0.0.2242

File size:
159.5 KB (163,336 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
ICQ LTD

Authority:
VeriSign, Inc.

Valid from:
8/12/2013 7:00:00 PM

Valid to:
8/12/2016 6:59:59 PM

Subject:
CN=ICQ LTD, OU=ICQ LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ICQ LTD, L=Tel Aviv, S=Alberta, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3CD0B62DDB9C535FD03D4EF0A75D7CE4

File PE Metadata
Compilation timestamp:
2/25/2015 3:25:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:QOgu8GoguZ3d0zPUsSApEPBmsPfLdJ/RF6BDSpNo:LoB8fjABmsPfLD/R091

Entry address:
0x2235E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.6118

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
132 KB (135,168 bytes)

Remove c6ba3ca351803d531dbe3cd978039eb9.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.