contacts.exe

Joe's-Software-Emporium

The executable contacts.exe has been detected as malware by 33 anti-virus scanners.
Publisher:
Joe's-Software-Emporium  (signed and verified)

MD5:
f014543d92a902f54670fa6ad0f91bfe

SHA-1:
e3540a07c7dab52d71d2c7560a4b71eb900e384f

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/30/2024 3:16:35 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.Kryptik | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Jorik | 2013.06.09 |
| Avira AntiVirus | TR/FakeSysdef.Y | 7.11.83.176 |
| avast! | Win32:FakeSysdefs-A [Trj] | 2014.9-140816 |
| AVG | Cryptic | 2015.0.3381 |
| Bitdefender | Trojan.Generic.KD.385523 | 1.0.20.1140 |
| Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 16396 |
| Dr.Web | Trojan.DownLoad2.39533 | 9.0.1.0228 |
| Emsisoft Anti-Malware | Trojan.Generic.KD.385523 | 8.14.08.16.05 |
| ESET NOD32 | Win32/Kryptik.UMH (variant) | 8.8427 |
| Fortinet FortiGate | W32/FakeAV.OZ!tr | 8/16/2014 |
| F-Prot | W32/Agent.NH.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.KD.385523 | 11.2014-16-08_7 |
| G Data | Trojan.Generic.KD.385523 | 14.8.22 |
| IKARUS anti.virus | Trojan.Win32.FakeSysdef | t3scan.2.0.3.0 |
| K7 AntiVirus | Trojan | 13.170.8831 |
| Kaspersky | Trojan.Win32.Jorik.Fraud | 14.0.0.3399 |
| Malwarebytes | Trojan.FakeAlert | v2014.08.16.05 |
| McAfee | Generic FakeAlert.bz | 5600.7037 |
| Microsoft Security Essentials | Trojan:Win32/FakeSysdef | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Generic.KD.385523 | 15.0.0.684 |
| NANO AntiVirus | Trojan.Win32.Trojan.fpkvo | 0.24.0.52697 |
| Norman | Crypt.AWRL | 11.20140816 |
| nProtect | Trojan.Generic.KD.385523 | 13.06.08.02 |
| Panda Antivirus | Generic Trojan | 14.08.16.05 |
| Quick Heal | Trojan.FakeAV | 8.14.12.00 |
| Sophos | Mal/FakeAV-OZ | 4.89 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FakeSecurity | 10419 |
| Total Defense | Win32/FakeAV.CE!generic | 37.0.10457 |
| Trend Micro House Call | TROJ_FAKEAV.DVR | 7.2.228 |
| Trend Micro | TROJ_FAKEAV.DVR | 10.465.16 |
| Vba32 AntiVirus | Trojan.Jorik.Fraud | 3.12.22.2 |
| VIPRE Antivirus | Trojan.Win32.Fakesysdef.ae | 18544 |

File size:
420.4 KB (430,480 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
Root Agency

Valid from:
10/25/2011 9:42:02 PM

Valid to:
1/1/2040 12:59:59 AM

Subject:
CN=Joe's-Software-Emporium

Issuer:
CN=Root Agency

Serial number:
D11480AE3529489246A92685CB690CE3

File PE Metadata
Compilation timestamp:
10/25/2011 9:42:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:HUqCVgriS4vmONbiBITkVbVZvhgZE9Cw5eBbHxQrJz8M:HUhV4Z4xNbiBMq3zejGz8M

Entry address:
0x21D6

Entry point:
55, 8B, EC, 6A, FF, 68, E0, 71, 40, 00, 68, AC, 32, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 10, 71, 40, 00, 33, D2, 8A, D4, 89, 15, B4, BE, 47, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, B0, BE, 47, 00, C1, E1, 08, 03, CA, 89, 0D, AC, BE, 47, 00, C1, E8, 10, A3, A8, BE, 47, 00, 6A, 01, E8, 44, 0F, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 64, 0E, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
7.9514

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
23 KB (23,552 bytes)
