darkrat-relase.exe

Firefox

The executable darkrat-relase.exe has been detected as malware by 29 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other malicious software, and to steal sensitive information.

Publisher:
Mozilla Corporation*  (Invalid match)

Product:
Firefox

Version:
23.0.1.0

MD5:
b75f1cc8d4749f5b2aa1c4796826eec0

SHA-1:
a5c69b5b6615e781904fbc748ad33d42d6bf63a1

SHA-256:
15ea24db5328bd1a114ce51b3d88bdb3c8a06a1c2024eadeb084df140e278862

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/26/2024 10:43:14 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKDV.1401045
896

AhnLab V3 Security
Trojan/Win32.Fsysna
2013.12.03

Avira AntiVirus
TR/Fsysna.bqt
7.11.117.90

avast!
Win32:Malware-gen
2014.9-140822

AVG
Generic35
2015.0.3374

Baidu Antivirus
Trojan.Win32.Fsysna
4.0.3.14822

Bitdefender
Trojan.GenericKDV.1401045
1.0.20.1170

Comodo Security
TrojWare.Win32.UMal.~A
17376

Dr.Web
Win32.HLLW.Autoruner.25074
9.0.1.0234

Emsisoft Anti-Malware
Trojan.GenericKDV.1401045
8.14.08.22.05

ESET NOD32
MSIL/Bladabindi
8.9123

Fortinet FortiGate
W32/Fsysna.BQT!tr
8/22/2014

F-Secure
Trojan.GenericKDV.1401045
11.2014-22-08_6

G Data
Trojan.GenericKDV.1401045
14.8.22

IKARUS anti.virus
Trojan.Win32.Fsysna
t3scan.2.2.29

K7 AntiVirus
Trojan
13.174.10380

Kaspersky
Trojan.Win32.Fsysna
14.0.0.3366

Malwarebytes
Spyware.BlackShadesNET
v2014.08.22.05

McAfee
Artemis!B75F1CC8D474
5600.7030

Microsoft Security Essentials
Backdoor:MSIL/Bladabindi.AA
1.163.1557.0

MicroWorld eScan
Trojan.GenericKDV.1401045
15.0.0.702

NANO AntiVirus
Trojan.Win32.Fsysna.cmljax
0.28.0.56582

Norman
Suspicious_Gen5.AIAOW
11.20140822

Panda Antivirus
Generic Malware
14.08.22.05

Sophos
Mal/Generic-S
4.95

Trend Micro House Call
TROJ_GEN.R0CBC0EKM13
7.2.234

Trend Micro
TROJ_GEN.R0CBC0EKM13
10.465.22

Vba32 AntiVirus
Trojan.Fsysna
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Generic
23962

File size:
234.5 KB (240,128 bytes)

Product version:
23.0.1.0

Copyright:
©Firefox and Mozilla Developers; available under the MPL 2 license.

Trademarks:
Firefox is a Trademark of The Mozilla Foundation.

Original file name:
stub.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
11/5/2013 11:37:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:CrwLuV2UAW8oRkZf2MkL/COLctNqCrpuZ/bdC7vj+po+2d6lZMxl:CJBv8oGf2GVuZ/bdY6o+2SZMx

Entry address:
0x3B86F

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.7770

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
230.5 KB (236,032 bytes)
