» deb562e830bcf35378c6526ec6f89b9a.exe
Overview
Analysis
File Details

deb562e830bcf35378c6526ec6f89b9a.exe

Internet Explorer

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable deb562e830bcf35378c6526ec6f89b9a.exe, “Win32 Cabinet Self-Extractor ” has been detected as malware by 20 anti-virus scanners.

File name:

Publisher:

Microsoft Corporation* (Invalid match)

Product:

Internet Explorer

Description:

Win32 Cabinet Self-Extractor

Version:

11.00.9600.16384 (winblue_rtm.130821-1623)

MD5:

deb562e830bcf35378c6526ec6f89b9a

SHA-1:

b95a8a1ac10a35c53395c040e38704036df8c147

SHA-256:

45f201bcf3e3c479961cdca19f6a3f16fe01b04f765da999ed0cadc024bd7589

Scanner detections:

20 / 68

Status:

Malware

Analysis date:

4/25/2024 9:47:20 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.12006588

835

Avira AntiVirus

TR/Agent.cada.28254

7.11.180.144

avast!

MSIL:Agent-CFC [Trj]

2014.9-141022

AVG

MSIL5

2015.0.3313

Baidu Antivirus

Trojan.MSIL.Agent

4.0.3.141022

Bitdefender

Trojan.Generic.12006588

1.0.20.1475

Dr.Web

Trojan.PWS.Stealer.13293

9.0.1.0295

Emsisoft Anti-Malware

Trojan.Generic.12006588

8.14.10.22.06

ESET NOD32

MSIL/Agent.PSQ

8.10603

Fortinet FortiGate

MSIL/Agent.PSQ!tr

10/22/2014

F-Secure

Trojan.Generic.12006588

11.2014-22-10_4

G Data

Trojan.Generic.12006588

14.10.24

Kaspersky

Trojan-PSW.MSIL.Agent

14.0.0.3061

McAfee

Artemis!DEB562E830BC

5600.6969

MicroWorld eScan

Trojan.Generic.12006588

15.0.0.885

Norman

DarkComet.D

11.20141022

nProtect

Trojan.Generic.12006588

14.10.22.01

Qihoo 360 Security

HEUR/QVM41.1.Malware.Gen

1.0.0.1015

Rising Antivirus

PE:Trojan.Win32.Generic.177FA4F5!394241269

23.00.65.141020

Sophos

Mal/Generic-S

4.98

File size:

892.5 KB (913,920 bytes)

Product version:

11.00.9600.16384

Original file name:

WEXTRACT.EXE .MUI

File type:

Executable application (Win32 EXE)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

8/22/2013 6:01:48 AM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:QQcy0rJ7+63dyeWr2tI734O3WrDz0ySnO:QQL0rJ66dWr2t+4yWrDzen

Entry address:

0x67CC

Entry point:

E8, 07, 0B, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 58, 68, 68, 75, 40, 00, E8, BD, 0B, 00, 00, 33, DB, 89, 5D, E0, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, 70, A1, 40, 00, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 8B, F3, BA, EC, 88, 40, 00, 8B, CF, 33, C0, F0, 0F, B1, 0A, 85, C0, 74, 07, 3B, C7, 75, 16, 33, F6, 46, 83, 3D, F0, 88, 40, 00, 01, 75, 17, 6A, 1F, E8, 30, 09, 00, 00, 59, EB, 43, 68, E8, 03, 00, 00, FF, 15, 6C, A1, 40, 00, EB, C8, 39, 1D... 
[+]

Code size:

25.5 KB (26,112 bytes)

Remove deb562e830bcf35378c6526ec6f89b9a.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.