djsas011arbaaaa1za13a.exe

Lenovo SHAREit

Lenovo Group Limited

The executable djsas011arbaaaa1za13a.exe, “Lenovo SHAREit Setup”, has been detected as malware by 28 anti-virus scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the display name ‘djSaS011arbaaa1za13a’.
Publisher:
Lenovo Group Limited

Product:
Lenovo SHAREit

Description:
Lenovo SHAREit Setup

Version:
2.1.21.0

MD5:
f8d9570b1aaee1d6e0038733aa9c1f2a

SHA-1:
b259194e16696d89e7675a4b253caef509aad9fc

SHA-256:
8e3ab42ee95a7e0e023e6ef4892207e085c902ed452fc6924951f4e9106bf769

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/20/2024 3:03:36 AM UTC

Scan engine               Detection                               Engine version
Lavasoft Ad-Aware         Trojan.GenericKD.2885279                435
Agnitum Outpost           Trojan.Yakes                            7.1.1
Avira AntiVirus           TR/Crypt.ZPACK.215283                   8.3.2.4
Arcabit                   Trojan.Generic.D2C069F                  1.0.0.597
avast!                    Win32:Malware-gen                       2014.9-151126
AVG                       Crypt_r                                 2016.0.2913
Baidu Antivirus           Trojan.Win32.Yakes                      4.0.3.151126
Bitdefender               Trojan.GenericKD.2885279                1.0.20.1650
Dr.Web                    Trojan.PWS.Siggen1.43350                9.0.1.0330
Emsisoft Anti-Malware     Trojan.GenericKD.2885279                8.15.11.26.08
ESET NOD32                Win32/Kryptik.EFSQ (variant)            9.12610
Fortinet FortiGate        W32/Yakes.NLYX!tr                       11/26/2015
F-Prot                    W32/Agent.XL.gen                        v6.4.7.1.166
F-Secure                  Trojan.GenericKD.2885279                11.2015-26-11_5
G Data                    Trojan.GenericKD.2885279                15.11.25
IKARUS anti.virus         Trojan.Win32.Crypt                      t3scan.1.9.5.0
K7 AntiVirus              Trojan                                  13.212.17939
Kaspersky                 Trojan.Win32.Yakes                      14.0.0.1061
Malwarebytes              Trojan.Agent                            v2015.11.26.08
McAfee                    RDN/Generic.dx                          5600.6569
MicroWorld eScan          Trojan.GenericKD.2885279                16.0.0.990
NANO AntiVirus            Trojan.Win32.Siggen1.dywdfo             0.30.26.4751
Panda Antivirus           Trj/GdSda.A                             15.11.26.08
Qihoo 360 Security        HEUR/QVM10.1.Malware.Gen                1.0.0.1077
Reason Heuristics         Threat.Win.Reputation.IMP               15.11.27.21
Sophos                    Mal/Generic-S                           4.98
VIPRE Antivirus           Trojan.Win32.Generic                    45372
ViRobot                   Trojan.Win32.A.Yakes.173056.N[h]        2014.3.20.0

File size:
169 KB (173,056 bytes)

Product version:
2.1.21.0

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
11/21/2015 3:29:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:y5kLUjgnOhGltWO8ZC+qnADhmhzTnAa6J6nYE62qKhQ:gkwSiHO2OnAD8lzA/J6YE6khQ

Entry address:
0x10D92

Entry point:
E8, D7, 30, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 08, 9E, 42, 00, 89, 0D, 04, 9E, 42, 00, 89, 15, 00, 9E, 42, 00, 89, 1D, FC, 9D, 42, 00, 89, 35, F8, 9D, 42, 00, 89, 3D, F4, 9D, 42, 00, 66, 8C, 15, 20, 9E, 42, 00, 66, 8C, 0D, 14, 9E, 42, 00, 66, 8C, 1D, F0, 9D, 42, 00, 66, 8C, 05, EC, 9D, 42, 00, 66, 8C, 25, E8, 9D, 42, 00, 66, 8C, 2D, E4, 9D, 42, 00, 9C, 8F, 05, 18, 9E, 42, 00, 8B, 45, 00, A3, 0C, 9E, 42, 00, 8B, 45, 04, A3, 10, 9E, 42, 00, 8D, 45, 08, A3, 1C, 9E, 42...
Entropy:
6.3276

Code size:
100.5 KB (102,912 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
djSaS011arbaaa1za13a

Command:
C:\recycler\{random}\djsas011arbaaaa1za13a.exe


Remove djsas011arbaaaa1za13a.exe - Powered by Reason Core Security