DefragExpress.exe

DefragExpress

DiskTrix Inc

The application DefragExpress.exe by DiskTrix Inc has been detected as a potentially unwanted program by 20 anti-malware scanners. This trojan will perform a number of actions that will compromise a PC, including changing protected system registry values, hiding in protected operating system locations, and downloading and installing additional malware.

Publisher:
DiskTrix  (signed by DiskTrix Inc)

Product:
DefragExpress

Version:
0, 0, 1, 46

MD5:
9dae299f22ee832ab5190c26a94a946f

SHA-1:
b1652dbd34c0c8fb576aa5e28c424f1c735b5fac

SHA-256:
774c186cf22a0baa9b970d4d66a6b7803616f50b5b5ab93ea34ab36c56387f23

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 6:16:31 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.KDV.216983 | 10 |
| Avira AntiVirus | TR/Offend.kdv.216983.2 | 8.3.3.4 |
| Arcabit | Trojan.Generic.KDV.D34F97 | 1.0.0.792 |
| AVG | Fat-Obfuscated | 2018.0.2488 |
| Bitdefender | Trojan.Generic.KDV.216983 | 1.0.20.125 |
| Dr.Web | Trojan.MulDrop5.1016 | 9.0.1.025 |
| Emsisoft Anti-Malware | Trojan.Generic.KDV.216983 | 8.17.01.25.06 |
| F-Secure | Packed:W32/PeCan.A | 11.2017-25-01_4 |
| G Data | Trojan.Generic.KDV.216983 | 17.1.25 |
| IKARUS anti.virus | Backdoor.Win32.Hupigon | 0.1.3.4 |
| K7 AntiVirus | Trojan | 13.246.21890 |
| McAfee | Artemis!9DAE299F22EE | 5600.6144 |
| Microsoft Security Essentials | Trojan:Win32/Malagent!gmb | 1.1.13303.0 |
| MicroWorld eScan | Trojan.Generic.KDV.216983 | 18.0.0.75 |
| NANO AntiVirus | Trojan.Win32.MulDrop3.bbqccy | 1.0.70.14200 |
| Qihoo 360 Security | Win32/Trojan.5a1 | 1.0.0.1120 |
| Rising Antivirus | Trojan.Generic-VwArDUWLTgL (cloud) | 23.00.65.17123 |
| Sophos | Mal/EncPk-ANJ | 4.98 |
| Vba32 AntiVirus | Backdoor.Hupigon | 3.12.26.4 |
| VIPRE Antivirus | Trojan-Dropper.Win32.Resdro.b | 54720 |

File size:
1.8 MB (1,908,048 bytes)

Product version:
0, 0, 1, 46

Copyright:
Copyright (C) 2008

Original file name:
DefragExpress.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\defragexpress.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/18/2008 5:00:00 PM

Valid to:
5/19/2009 4:59:59 PM

Subject:
CN=DiskTrix Inc, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=DiskTrix Inc, L=Surfside Beach, S=SouthCarolina, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7CA954EB874B1F80C7EA073A9D5A26A4

File PE Metadata
Compilation timestamp:
3/26/2009 8:44:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0xF9BE6

Entry point:
E8, 01, 00, 00, 00, C2, 87, 34, 24, 8D, B6, 85, FE, FF, FF, 87, 34, 24, E9, 73, FE, FF, FF, 47, B0, F8, 8B, 51, 01, E9, 9F, FE, FF, FF, C2, 80, FA, 0A, E9, 7C, F8, FF, FF, 80, A8, A9, 2A, 8B, 4D, FC, E9, 46, FF, FF, FF, 0D, 71, CB, 83, 7E, 18, 00, E9, EE, 00, 00, 00, 8B, E3, 32, FF, FF, FF, FF, 02, 83, C3, 14, E9, 11, FF, FF, FF, 6C, F0, 0F, 82, 93, 04, 00, 00, E9, D5, F9, FF, FF, 0F, 84, BD, FE, FF, FF, E9, 53, FB, FF, FF, 03, FE, E9, EB, F7, FF, FF, B7, 25, 5F, 8B, 41, 10, E9, FE, F9, FF, FF, 4D, 7E, CD...

Entropy:
2.9290

Code size:
648 KB (663,552 bytes)
