dist-x.y.z.exe

НОВОСТИ - ZetaGames

Underberry lp

The executable dist-x.y.z.exe has been detected as malware by 14 anti-virus scanners. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Underberry lp

Product:
НОВОСТИ - ZetaGames

Description:
ZetaGamesNews

Version:
2.0.16

MD5:
f102be00081bd8928f8ab1e98d58f294

SHA-1:
850336dc955d4f1ce09e4fee5aefb8067526da15

SHA-256:
c4c73ea922dbb35212bbebf9330ddeacdad6e42943896bccb0db61a52bf0ab5e

Scanner detections:
14 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 7:23:30 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:SaliCode | 160118-1 |
| AVG | Win32/Sality | 2015.0.4489 |
| Dr.Web | Win32.Sector.22 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Secure | Win32.Sality.3 | 5.15.21 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5033.0 |
| Norman | Win32.Sality.3 | 11.01.2016 17:30:26 |
| Sophos | Virus 'Mal/Sality-D' | 5.22 |
| VIPRE Antivirus | Threat.4721115 | 46244 |

File size:
594.7 KB (609,008 bytes)

Product version:
2.0.16

Copyright:
Copyright © 2016, Underberry lp

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
12/27/2015 1:26:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:LqGEjxOSqTeZ9X0rdlwdb/lnwWtybAwmtPiI0mpGZ28:cZ6wdb/lnVtybWlgkGZ28

Entry address:
0x33B6

Entry point:
88, ED, 89, D9, 88, DD, 68, 0F, 68, DD, 00, 55, 40, 80, C9, 80, 84, D9, 69, EF, FA, 01, 36, F7, FF, CF, BB, A6, 8E, D7, 53, 0F, AF, D2, 3B, C1, 73, 04, 3A, CA, FE, C9, 69, CF, B2, CF, B9, A5, 80, F0, D7, 1B, F5, FF, CD, 40, 55, 68, 28, CA, A9, 00, C7, C3, 53, 55, C8, 62, 3D, 0D, 2D, FB, F5, E8, 56, 00, 00, 00, 87, CB, 86, D3, 80, E2, B0, 80, E6, 5A, 69, C8, 36, 32, 15, D1, 87, C8, 80, E9, 58, F6, C1, 93, 8D, 2D, BA, 72, 62, AB, BE, 02, 49, 01, 00, B0, 7C, 80, DC, 6A, 0F, AF, D9, 81, F6, 5E, 69, 00, 00, 87...
Code size:
24.5 KB (25,088 bytes)