dos.exe

Ditetrah isothera

Heaventools Software

The executable dos.exe has been detected as malware by 32 anti-virus scanners. It is configured to start automatically when a user logs in to Windows, through the current user Run registry key, under the display name ‘Key Name’.
Publisher:
GreenMind Association ffff (signed by Heaventools Software)

Product:
Ditetrah isothera

Description:
Vefry un

Version:
1.08.0005

MD5:
e18b0f10266731c98815c1841714e17a

SHA-1:
a9d0ab72801d7fe8082a89680dd8dec9475eef9b

SHA-256:
6819315d0cde03bfc75d65df7231bd93778a67e81622bc65c27b002c33c3824b

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/25/2024 7:52:55 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Krypt.Q | 43 |
| Agnitum Outpost | Trojan.Zapchast | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Zapchast | 16.12.22 |
| Avira AntiVirus | TR/Dldr.Wauchos.B | 7.11.143.18 |
| avast! | Win32:VBInject-P [Trj] | 2014.9-161222 |
| AVG | Generic33 | 2017.0.2521 |
| Baidu Antivirus | Trojan.MSIL.Zapchast | 4.0.3.161222 |
| Bitdefender | Trojan.Krypt.Q | 1.0.20.1785 |
| Comodo Security | UnclassifiedMalware | 18093 |
| Dr.Web | BackDoor.IRC.Bot.2385 | 9.0.1.0357 |
| Emsisoft Anti-Malware | Trojan.Krypt.Q | 8.16.12.22.04 |
| ESET NOD32 | Win32/Injector.AHVY (variant) | 10.9669 |
| Fortinet FortiGate | W32/Injector.AIEE!tr | 12/22/2016 |
| F-Secure | Trojan.Krypt.Q | 11.2016-22-12_5 |
| G Data | Trojan.Krypt | 16.12.24 |
| IKARUS anti.virus | Trojan.Win32.Ircbrute | t3scan.1.6.1.0 |
| K7 AntiVirus | EmailWorm | 13.176.11737 |
| Kaspersky | Trojan.MSIL.Zapchast | 14.0.0.-898 |
| Malwarebytes | Trojan.Inject.gen | v2016.12.22.04 |
| McAfee | PWS-Zbot-FBCJ!E18B0F102667 | 5600.6177 |
| Microsoft Security Essentials | VirTool:Win32/VBInject.gen!JD | 1.10401 |
| MicroWorld eScan | Trojan.Krypt.Q | 17.0.0.1071 |
| NANO AntiVirus | Trojan.Win32.Zapchast.byshtn | 0.28.0.59048 |
| Norman | Injector.EKTO | 11.20161222 |
| nProtect | Trojan/W32.Agent.155841 | 14.04.11.01 |
| Panda Antivirus | Generic Malware | 16.12.22.04 |
| Qihoo 360 Security | Win32/Trojan.718 | 1.0.0.1015 |
| Sophos | Mal/VB-ALO | 4.98 |
| Total Defense | Win32/Inject.EVUEPMC | 37.0.10873 |
| Trend Micro | TROJ_GEN.R030C0EGU13 | 10.465.22 |
| Vba32 AntiVirus | Trojan.MSIL.Zapchast | 3.12.26.0 |
| VIPRE Antivirus | Backdoor.Win32.VBInject.c | 28196 |

File size:
152.2 KB (155,841 bytes)

Product version:
1.08.0005

Copyright:
Intergla hexapla' improvis 1990-2003

Original file name:
Miscensu mirkish.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\foldername\dos.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
10/24/2007 7:30:00 PM

Valid to:
10/24/2009 7:29:59 PM

Subject:
CN=Heaventools Software, O=Heaventools Software, STREET=101-1001 West Broadway Dept. 381, L=Vancouver, S=BC, PostalCode=V6H4E4, C=CA

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009F1730A374EFEA42ED0D1B504DA8F981

File PE Metadata
Compilation timestamp:
6/8/2013 8:34:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1668

Entry point:
68, B4, 17, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 7A, B7, 77, 75, 17, 9C, 1E, 45, 8C, 8D, CD, 3F, DC, B7, 13, 5D, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 53, 63, 61, 6C, 65, 57, 41, 6E, 67, 61, 72, 69, 61, 74, 69, 6F, 6E, 00, 20, 20, 3D, 20, 00, 00, 00, 00, 01, 00, 03, 00, 38, 24, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 1C, 25, 40, 00, 44, 10, 41, 00, 00, 00, 00, 00, E0, 47, 18, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
64 KB (65,536 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Key Name

Command:
C:\users\{user}\appdata\roaming\foldername\dos.exe
