defrag.exe

Fußstückklappe

Malwarebytes Corporation

The executable defrag.exe has been detected as malware by 21 anti-virus scanners.

Publisher:
Malwarebytes Corporation (signed and verified)

Product:
Fußstückklappe

Description:
Ministerbänken3

Version:
3.00.0004

MD5:
9851aae6c882c60a12a47c1d8a8519ea

SHA-1:
e7027f0feda49434128eef200a0a24a0861ca0fa

SHA-256:
6b4fbb6de2dc503d0745d909d79be88cd50b022ba4dda8b4ef6b473e1954cae5

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/26/2024 9:10:57 PM UTC

Scan engine                    Detection                      Engine version
Lavasoft Ad-Aware              Trojan.GenericKD.1995492       372
Avira AntiVirus                TR/Dropper.VB.24495            7.11.192.58
avast!                         Win32:Malware-gen              2014.9-160128
AVG                            Pakes2_c                       2017.0.2850
Baidu Antivirus                Backdoor.Win32.Androm          4.0.3.16128
Bitdefender                    Trojan.GenericKD.1995492       1.0.20.140
ESET NOD32                     Win32/Injector.BQEK (variant)  10.10819
Fortinet FortiGate             W32/Androm.FMTJ!tr.bdr         1/28/2016
F-Secure                       Trojan.GenericKD.1995492       11.2016-28-01_5
G Data                         Trojan.GenericKD.1995492       16.1.24
IKARUS anti.virus              Trojan.Win32.Injector          t3scan.1.8.5.0
Kaspersky                      Backdoor.Win32.Androm          14.0.0.747
Malwarebytes                   Trojan.VBCrypt                 v2016.01.28.01
McAfee                         Artemis!9851AAE6C882           5600.6506
Microsoft Security Essentials  Worm:Win32/Gamarue             1.11202
MicroWorld eScan               Trojan.GenericKD.1995492       17.0.0.84
nProtect                       Trojan.GenericKD.1995492       14.12.03.01
Panda Antivirus                Generic Suspicious             16.01.28.01
Sophos                         Mal/Generic-S                  4.98
Trend Micro House Call         TROJ_GEN.R02KH07KR14           7.2.28
VIPRE Antivirus                Trojan.Win32.Generic           35380

File size:
249.3 KB (255,312 bytes)

Product version:
3.00.0004

Copyright:
Befehlsverweigerungen

Trademarks:
Kleinprofilwerkstätten

Original file name:
Bierfabriken8.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\defrag.exe

Digital Signature

Authority:
VeriSign, Inc.

Valid from:
6/3/2010 9:00:00 PM

Valid to:
6/4/2011 8:59:59 PM

Subject:
CN=Malwarebytes Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Malwarebytes Corporation, L=San Jose, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22A3557A2217CB2D89BAE979B554EF4D

File PE Metadata

Compilation timestamp:
11/25/2014 9:05:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:sNtHlfQymV2K428obvgRz+NRNAvoVZWMvJ3JM:6HFQR4lozgONAvoqMRZM

Entry address:
0x12F0

Entry point:
68, 90, B3, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 04, F6, 77, 0C, B6, BA, 19, 4C, B3, A7, E2, 8E, A0, 21, C2, FD, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 00, 06, 50, 83, 01, 4C, 6F, 68, 6E, 74, 61, 72, 69, 66, 38, 00, 00, A4, 27, ED, 02, 00, 00, 00, 00, FF, CC, 31, 00, 0C, F9, 35, DB, B4, 08, 05, DD, 4E, B8, 4E, D9, BE, 06, 8A, 12, BF, 9D, 1F, F6, A5, 70, EE, D6, 42, 9B, AC, 3E, E8, 43, 57, 9D, 5B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
220 KB (225,280 bytes)
