» crview.exe
Overview
Analysis
File Details

crview.exe

QuickTerm West GmbH

File name:

crview.exe

Publisher:

QuickTerm West GmbH (signed and verified)

Version:

0.4.3.9

MD5:

27be02dc299960d3786170947ee7e641

SHA-1:

562cb730840626848669d3f3566e0516883386fe

Scanner detections:

6 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/26/2024 8:40:25 PM UTC (today)

Scan engine

Detection

Engine version

Bitdefender

Gen:Trojan.Heur.FU.bq1@aSfzNabi

1.0.20.25

Emsisoft Anti-Malware

Trojan.Win32.Spy!IK

8.16.01.05.02

F-Secure

Gen:Trojan.Heur.FU.bq1@aSfzNabi

11.2016-05-01_3

G Data

Gen:Trojan.Heur.FU.bq1@aSfzNabi

16.1.22

IKARUS anti.virus

Trojan.Win32.Spy

t3scan.1.1.118.0

SUPERAntiSpyware

Trojan.Agent/Gen-MalPE

9404

File size:

24.4 KB (24,992 bytes)

Product version:

0.4.3.9

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\crview.exe

Digital Signature

Signed by:

QuickTerm West GmbH

Authority:

GlobalSign nv-sa

Valid from:

12/14/2009 1:37:35 PM

Valid to:

12/14/2010 1:37:35 PM

Subject:

E=d.lohr@quickterm.de, CN=QuickTerm West GmbH, O=QuickTerm West GmbH, C=DE

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

010000000001258D51A84A

File PE Metadata

Compilation timestamp:

9/7/2010 8:02:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

384:7eag5euxqu9R2wXQEA9O+hyCtOPMd4MNE54XdUb+lu:hg5aUYwXZIjVSbpilu

Entry address:

0x20BB

Entry point:

C6, 05, C9, 50, 40, 00, 00, 68, 06, 4F, 40, 00, 6A, 00, 6A, 00, E8, B6, 07, 00, 00, A3, 2B, 52, 40, 00, 6A, 00, FF, 35, 2B, 52, 40, 00, E8, EC, 07, 00, 00, 0B, C0, 74, 02, 75, 3F, E8, 13, EF, FF, FF, 68, 00, 04, 00, 00, 68, E2, 4A, 40, 00, E8, C0, 07, 00, 00, 6A, 00, E8, A7, 07, 00, 00, A3, 17, 52, 40, 00, E8, 91, 07, 00, 00, A3, 1B, 52, 40, 00, 6A, 0A, FF, 35, 1B, 52, 40, 00, 6A, 00, FF, 35, 17, 52, 40, 00, E8, 06, 00, 00, 00, 50, E8, 65, 07, 00, 00, 55, 8B, EC, 83, C4, AC, C7, 45, D0, 30, 00, 00, 00, C7... 
[+]

Packer / compiler:

DJoin v0.7 public (xor encryption)

Code size:

6.5 KB (6,656 bytes)

Scan crview.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.