crashmon.exe

The executable crashmon.exe has been detected as malware by 36 anti-virus scanners. It is registered under the name ‘CrashMon’ in the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), so it executes automatically when any user logs into Windows.
MD5:
bb4dd2a312839384b61dfd236a16eb4e

SHA-1:
846fc6aa89b42ee4cec60c473ee67eeacd2dada6

SHA-256:
e4569826836f678aa5b218476444cde3c27bffbb2851634b930714e3a8b89474

Scanner detections:
36 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
6/23/2024 6:58:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | 955 |
| Agnitum Outpost | Win32.Virut.AB.Gen | 7.1.1 |
| AhnLab V3 Security | Win32/Virut.E | 2014.06.25 |
| Avira AntiVirus | W32/Virut.Gen | 7.11.30.172 |
| avast! | Win32:Scribble | 140617-1 |
| AVG | Win32/Virut | 2014.0.3972 |
| Baidu Antivirus | Virus.Win32.Virut.$ce | 4.0.3.14625 |
| Bitdefender | Win32.Virtob.Gen.12 | 1.0.20.880 |
| Bkav FE | W32.Vetor.PE | 1.3.0.4959 |
| Comodo Security | Virus.Win32.Virut.CE | 18662 |
| Dr.Web | Win32.Virut.56 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 8.14.06.25.04 |
| ESET NOD32 | Win32/Virut.NBP virus | 7.0.302.0 |
| Fortinet FortiGate | W32/Virut.CE | 6/25/2014 |
| F-Prot | W32/Virut.AL!Generic | 4.6.5.141 |
| F-Secure | Win32.Virtob.Gen.12 | 11.2014-25-06_4 |
| G Data | Win32.Virtob.Gen.12 | 14.6.24 |
| K7 AntiVirus | Virus | 13.180.12512 |
| Kaspersky | Virus.Win32.Virut | 15.0.0.463 |
| McAfee | W32/Virut.n.gen | 5600.7089 |
| Microsoft Security Essentials | Threat.Undefined | 1.177.688.0 |
| MicroWorld eScan | Win32.Virtob.Gen.12 | 15.0.0.528 |
| NANO AntiVirus | Virus.Win32.Virut.hpeg | 0.28.0.60475 |
| Norman | Virut.HL | 11.20140625 |
| nProtect | Virus/W32.Virut.Gen | 14.06.25.01 |
| Panda Antivirus | W32/Sality.AO | 14.06.25.04 |
| Quick Heal | W32.Virut.G | 6.14.14.00 |
| Rising Antivirus | PE:Win32.Virut.ed!1609883 | 23.00.65.14623 |
| Sophos | W32/Scribble-B | 4.98 |
| Total Defense | Win32/Virut.17408 | 37.0.11019 |
| Trend Micro House Call | PE_VIRUX.R-1 | 7.2.176 |
| Trend Micro | PE_VIRUX.R-1 | 10.465.25 |
| Vba32 AntiVirus | Virus.Virut.14 | 3.12.26.3 |
| VIPRE Antivirus | Threat.4739697 | 29708 |
| ViRobot | Win32.Virut.AL | 2011.4.7.4223 |
| Zillya! Antivirus | Virus.Virut.Win32.25 | 2.0.0.1836 |

File size:
406 KB (415,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\universal updater\crashmon.exe

File PE Metadata
Compilation timestamp:
11/29/2010 8:59:13 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:4jE778FQ58F0gLs6eiumrErMq996NZH5GLd76j2pUL+FLgSVBlX:4jE78dF0gLeTwNZH5m6j2pNNV

Entry address:
0xE2AD

Entry point:
E8, 5A, 5A, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, D8, 56, 45, 00, E8, 09, 01, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 28, CF, 45, 00, 03, 75, 43, 6A, 04, E8, 7C, 26, 00, 00, 59, 83, 65, FC, 00, 56, E8, BD, 5A, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, DF, 5A, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 68, 25, 00, 00, 59, C3, 56, 6A, 00, FF, 35, E4, CA, 45, 00, E9, C0, C7, 05, 00, 00, 85, C0, 75, 16, E8, C2, F7, FF...

Entropy:
6.5697

Code size:
296.5 KB (303,616 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CrashMon

Command:
"C:\Program Files\universal updater\crashmon.exe" "universalupdater"

