cp32-update.exe

BASS_ALAC

MaresWEB

The executable cp32-update.exe, “Apple Lossless Audio Codec add-on for the BASS library”, has been detected as malware by 37 anti-virus scanners.
Publisher:
MaresWEB

Product:
BASS_ALAC

Description:
Apple Lossless Audio Codec add-on for the BASS library

Version:
2.3.0.0

MD5:
9ac80438e44041bfa7f6cae3c25fcf9f

SHA-1:
61803c746707b5e1a2d7d29f57fd791da91be830

SHA-256:
d9a130f12ddfb2e2c9ea3fef21fbf8c7ed63f66b61f59f6df567c1b69cb4644d

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/23/2024 5:06:54 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Hiloti.2 | 517 |
| Agnitum Outpost | Trojan.Hiloti.Gen | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Hiloti2.Gen | 15.09.05 |
| Avira AntiVirus | TR/PWS.Sinowal.Gen | 7.11.143.192 |
| avast! | Win32:Hilot [Trj] | 2014.9-150905 |
| AVG | Hiloti | 2016.0.2995 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.1595 |
| Bitdefender | Gen:Variant.Hiloti.2 | 1.0.20.1240 |
| Bkav FE | W32.Clod509.Trojan | 1.3.0.4959 |
| Clam AntiVirus | Win.Trojan.Hiloti-7282 | 0.98/18355 |
| Comodo Security | TrojWare.Win32.TrojanDownloader.Mufanom.GEN | 18112 |
| Dr.Web | Trojan.Hiloti.based.2 | 9.0.1.0248 |
| Emsisoft Anti-Malware | Gen:Variant.Hiloti | 8.15.09.05.03 |
| ESET NOD32 | Win32/Cimag.CN | 9.9682 |
| Fortinet FortiGate | W32/Hiloti.CDF!tr | 9/5/2015 |
| F-Prot | W32/Hiloti.I.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Hiloti.2 | 11.2015-05-09_7 |
| G Data | Gen:Variant.Hiloti | 15.9.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Mufanom | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan-Downloader | 13.176.11770 |
| Kaspersky | Trojan-Downloader.Win32.Mufanom | 14.0.0.1472 |
| Malwarebytes | Trojan.Agent.Gen | v2015.09.05.03 |
| McAfee | Hiloti.gen.e | 5600.6651 |
| Microsoft Security Essentials | Trojan:Win32/Hiloti.gen!D | 1.10501 |
| MicroWorld eScan | Gen:Variant.Hiloti.2 | 16.0.0.744 |
| NANO AntiVirus | Trojan.Win32.Mufanom.vzdqc | 0.28.0.59288 |
| Norman | Hiloti.gen | 11.20150905 |
| Panda Antivirus | Trj/Downloader.XUO | 15.09.05.03 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Comitproc.A | 9.15.12.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1233D0CF!305385679 | 23.00.65.15903 |
| Sophos | Mal/Hiloti-D | 4.98 |
| Total Defense | Win32/Hiloti.F!generic | 37.0.10880 |
| Trend Micro House Call | TROJ_HILOTI.SMEO | 7.2.248 |
| Trend Micro | TROJ_HILOTI.SMEO | 10.465.05 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.Tip | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Hiloti.gen.f | 28262 |

File size:
74 KB (75,776 bytes)

Product version:
2, 3, 0, 0

Copyright:
2003-2006, MaresWEB

Original file name:
bass_alac.dll

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cp32-update.exe

File PE Metadata
Compilation timestamp:
11/10/2009 12:10:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:1iLm2sIAlddDHXHl/beuPeld0gSrGqO2V67Gd7kQWNQQtoa:8C2sICpHXF3qAr+06Mt8l

Entry address:
0xB1A4

Entry point:
6A, DD, 68, 52, B3, 60, 59, E8, 7D, 00, 00, 00, 40, 6F, 42, 62, 02, 42, 04, 41, 86, 68, 62, 68, 42, 63, 02, 5C, 03, 42, 6A, 5A, 8E, 42, 02, 41, 42, 5D, 42, 58, 66, 62, 62, 42, 7E, 68, 69, 6C, 55, 01, 41, 77, 42, 5A, 74, 84, 72, 57, 40, 40, 40, 67, 00, 62, 5B, 86, 62, 54, 5E, 68, 03, 00, 84, 5A, 00, 40, 03, 01, 40, 42, 66, 74, 40, 01, 40, 00, 03, 04, 40, 01, 53, 77, 01, 03, 03, 42, 41, 68, 5B, 81, 41, 68, 69, 04, 57, 42, 03, 5A, 03, 40, 01, 51, 40, 01, 6B, 6C, 03, 66, 67, 6C, 00, 7C, 03, 41, 5E, 41, 40, 6E...
 

Entropy:
6.5271

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
64 KB (65,536 bytes)
