config.exe

ESET, spol. s r.o.

The executable config.exe has been detected as malware by 20 anti-virus scanners. It runs as a scheduled task named MsWord under the Windows Task Scheduler, triggered by a time event.
Publisher:
ESET, spol. s r.o.  (signed and verified)

Version:
1.0.0.0

MD5:
09368f1ea369c330eb0822129067daf2

SHA-1:
44d8b26226831ef05e72713943a3753d8a32363f

SHA-256:
2540823ec234f108a05f411fb390fd588dbf139d8d36269664fa99764182f2b5

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/25/2024 10:27:16 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.4581220 | -40 |
| AegisLab AV Signature | Troj.Dropper.Msil!c | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.MDA.R161911 | 3.8.3.16 |
| Avira AntiVirus | TR/Dropper.MSIL.iawtk | 8.3.3.4 |
| Arcabit | Trojan.Generic.D45E764 | 1.0.0.798 |
| avast! | Win32:Malware-gen | 2014.9-170316 |
| AVG | Atros5 | 2018.0.2438 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.17316 |
| Bitdefender | Trojan.GenericKD.4581220 | 1.0.20.375 |
| Dr.Web | Trojan.DownLoader23.56896 | 9.0.1.075 |
| Emsisoft Anti-Malware | Trojan.GenericKD.4581220 | 8.17.03.16.10 |
| ESET NOD32 | MSIL/GenKryptik.XNE (variant) | 11.15077 |
| G Data | Trojan.GenericKD.4581220 | 17.3.A:25.11161B:25.9071 |
| IKARUS anti.virus | Win32.SuspectCrc | 0.2.1.2 |
| McAfee | Artemis!09368F1EA369 | 5600.6094 |
| Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.1.13504.0 |
| MicroWorld eScan | Trojan.GenericKD.4581220 | 18.0.0.225 |
| Qihoo 360 Security | Win32/Trojan.Dropper.1b9 | 1.0.0.1120 |
| Sophos | Mal/Generic-S | 4.98 |
| ViRobot | Trojan.Win32.Z.Agent.777928[h] | 2014.3.20.0 |

File size:
759.7 KB (777,928 bytes)

Product version:
1.0.0.0

Original file name:
Invoice.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\msconfig\config.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2013 5:30:00 AM

Valid to:
7/6/2016 5:29:59 AM

Subject:
CN="ESET, spol. s r.o.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="ESET, spol. s r.o.", L=Bratislava, S=Slovakia, C=SK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1FE3DE40019F833AFF5D55B998D712A8

File PE Metadata
Compilation timestamp:
3/11/2017 3:15:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xBAECE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9572

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
740 KB (757,760 bytes)

Scheduled Task
Task name:
MsWord

Trigger:
Time

