dos.exe

Ditetrah isothera

Heaventools Software

The executable dos.exe has been detected as malware by 30 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Key Name’.
Publisher:
GreenMind Association ffff  (signed by Heaventools Software)

Product:
Ditetrah isothera

Description:
Vefry un

Version:
1.08.0005

MD5:
e9628dbc3086d2a7e3cf6d402c8b3a40

SHA-1:
9b5f0795686e7fd5f47fa5192e3b8619f3898a65

SHA-256:
b27b340bf2b393125bd7fe9d1925731fa08668a4de2bece75f98fd05c8054214

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/25/2024 3:35:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Zapchast | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Zapchast | 2013.11.27 |
| Avira AntiVirus | TR/Dldr.Wauchos.B | 7.11.115.226 |
| avast! | Win32:VBInject-P [Trj] | 2014.9-170103 |
| AVG | Generic33 | 2018.0.2509 |
| Baidu Antivirus | Trojan.MSIL.Zapchast | 4.0.3.1713 |
| Bitdefender | Trojan.Krypt.Q | 1.0.20.15 |
| Dr.Web | BackDoor.IRC.Bot.2385 | 9.0.1.03 |
| Emsisoft Anti-Malware | Trojan.Krypt.Q | 8.17.01.03.12 |
| ESET NOD32 | Win32/Injector.AHVY (variant) | 11.9099 |
| Fortinet FortiGate | W32/Injector.AIEE!tr | 1/3/2017 |
| F-Secure | Trojan.Krypt.Q | 11.2017-03-01_3 |
| G Data | Trojan.Krypt | 17.1.22 |
| IKARUS anti.virus | Trojan.Win32.Ircbrute | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.174.10319 |
| Kaspersky | Trojan.MSIL.Zapchast | 14.0.0.-958 |
| Malwarebytes | Trojan.Inject.gen | v2017.01.03.12 |
| McAfee | PWS-Zbot-FBCJ!E9628DBC3086 | 5600.6165 |
| Microsoft Security Essentials | VirTool:Win32/VBInject.gen!JD | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Krypt.Q | 18.0.0.9 |
| NANO AntiVirus | Trojan.Win32.Zapchast.chjhgs | 0.28.0.56420 |
| Norman | Injector.EKTO | 11.20170103 |
| nProtect | Trojan/W32.Agent.155841 | 13.11.26.01 |
| Panda Antivirus | Generic Malware | 17.01.03.12 |
| Sophos | Mal/Generic-S | 4.95 |
| Total Defense | Win32/Inject.EVUEPMC | 37.0.10498 |
| Trend Micro House Call | TROJ_GEN.R0C1C0FG613 | 7.2.3 |
| Trend Micro | TROJ_GEN.R0C1C0FG613 | 10.465.03 |
| Vba32 AntiVirus | Trojan.MSIL.Zapchast | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 23756 |

File size:
152.2 KB (155,841 bytes)

Product version:
1.08.0005

Copyright:
Intergla hexapla\' improvis 1990-2003

Original file name:
Miscensu mirkish.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\foldername\dos.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
10/24/2007 7:30:00 PM

Valid to:
10/24/2009 7:29:59 PM

Subject:
CN=Heaventools Software, O=Heaventools Software, STREET=101-1001 West Broadway Dept. 381, L=Vancouver, S=BC, PostalCode=V6H4E4, C=CA

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009F1730A374EFEA42ED0D1B504DA8F981

File PE Metadata
Compilation timestamp:
6/8/2013 8:34:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1668

Entry point:
68, B4, 17, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 7A, B7, 77, 75, 17, 9C, 1E, 45, 8C, 8D, CD, 3F, DC, B7, 13, 5D, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 53, 63, 61, 6C, 65, 57, 41, 6E, 67, 61, 72, 69, 61, 74, 69, 6F, 6E, 00, 20, 20, 3D, 20, 00, 00, 00, 00, 01, 00, 03, 00, 38, 24, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 1C, 25, 40, 00, 44, 10, 41, 00, 00, 00, 00, 00, E0, 47, 18, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
64 KB (65,536 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Key Name

Command:
C:\users\{user}\appdata\roaming\foldername\dos.exe

