chc-s1245_133_build200.exe

TAB Software Corp.

The executable chc-s1245_133_build200.exe has been detected as malware by 20 anti-virus scanners.
Publisher: TAB Software Corp.  (signed and verified)
MD5: 79b86e372c6098643e640b4721358c7c
SHA-1: 74e366211a2d6c14c445b5fe07b44979e5e77be7
SHA-256: 3bf67c2eeca248aa52034191e924933f0ab8dbd4d908250af1d9059d5a1adb92
Scanner detections: 20 / 68
Status: Malware
Analysis date: 4/24/2024 9:12:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.8886949 | 398 |
| Avira AntiVirus | TR/Rogue.8886949 | 8.3.2.4 |
| Arcabit | Trojan.Generic.D879AA5 | 1.0.0.597 |
| avast! | Win32:Malware-gen | 2014.9-160102 |
| AVG | Dropper.Generic8 | 2017.0.2876 |
| Baidu Antivirus | Trojan.Win32.Dropper | 4.0.3.1612 |
| Bitdefender | Trojan.Generic.8886949 | 1.0.20.10 |
| Emsisoft Anti-Malware | Trojan.Generic.8886949 | 8.16.01.02.01 |
| Fortinet FortiGate | W32/Daws.BGQV!tr | 1/2/2016 |
| F-Secure | Trojan.Generic.8886949 | 11.2016-02-01_7 |
| G Data | Trojan.Generic.8886949 | 16.1.25 |
| Kaspersky | Trojan-Dropper.Win32.Daws | 14.0.0.877 |
| McAfee | Artemis!79B86E372C60 | 5600.6532 |
| MicroWorld eScan | Trojan.Generic.8886949 | 17.0.0.6 |
| NANO AntiVirus | Trojan.Win32.Daws.ddbmmu | 0.30.26.4751 |
| nProtect | Trojan.Generic.8886949 | 15.11.20.01 |
| Panda Antivirus | Trj/CI.A | 16.01.02.01 |
| Qihoo 360 Security | Win32/Trojan.b7f | 1.0.0.1077 |
| VIPRE Antivirus | Trojan.Win32.Generic | 45352 |
| Zillya! Antivirus | Dropper.Daws.Win32.11489 | 2.0.0.2524 |

File size: 3.1 MB (3,289,384 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\chc-s1245_133_build200.exe

Digital Signature
Authority: The Code Project
Valid from: 3/14/2010 5:00:00 PM
Valid to: 3/15/2011 4:59:59 PM
Subject: CN=TAB Software Corp., O=TAB Software Corp., STREET=8118 Victoria Woods Pl, L=Fort Wayne, S=IN, PostalCode=46825, C=US
Issuer: CN=The Code Project Code Signing CA, O=The Code Project, C=CA
Serial number: 2D1BA639200257F67D3BF35D52C53381

File PE Metadata
Compilation timestamp: 4/12/2010 12:17:58 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
CTPH (ssdeep): 98304:rMzwFJPH3+ApckSovEEm3sJhHiOEm3sJhpiqoj:rMzkf35pckVwsODwsViqoj
Entry address: 0x4E21F

Entry point:
E8, 37, 7F, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 89, E2, 44, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, AD, 70, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D, 00, 00, 00, 00...
 

Entropy: 7.8543  (probably packed)
Code size: 420 KB (430,080 bytes)
