dos.exe

Ditetrah isothera

Heaventools Software

The executable dos.exe has been detected as malware by 27 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Key Name’.
Publisher:
GreenMind Association ffff  (signed by Heaventools Software)

Product:
Ditetrah isothera

Description:
Vefry un

Version:
1.08.0005

MD5:
bfb2ea9757387283110da35eace6ae2d

SHA-1:
b47af20897d441f7fa85029afc756615e1c704aa

SHA-256:
0a2a71472e373d2b67a345ec94add046ac01c8b5cc0179cf02b6b1bdb2a8d3e4

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/20/2024 2:23:55 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.Zapchast | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Zapchast | 2013.08.23 |
| Avira AntiVirus | TR/Dldr.Wauchos.B | 7.11.97.226 |
| avast! | Win32:VBInject-P [Trj] | 2014.9-170108 |
| AVG | Generic33 | 2018.0.2504 |
| Bitdefender | Trojan.Krypt.Q | 1.0.20.40 |
| Dr.Web | BackDoor.IRC.Bot.2385 | 9.0.1.08 |
| Emsisoft Anti-Malware | Trojan.Krypt.Q | 8.17.01.08.03 |
| ESET NOD32 | Win32/Injector.AHVY (variant) | 11.8720 |
| Fortinet FortiGate | W32/Injector.AIEE!tr | 1/8/2017 |
| G Data | Trojan.Krypt | 17.1.22 |
| IKARUS anti.virus | Trojan.Win32.Ircbrute | t3scan.2.0.127 |
| K7 AntiVirus | Riskware | 13.170.9363 |
| Kaspersky | Trojan.MSIL.Zapchast | 14.0.0.-983 |
| Malwarebytes | Trojan.Inject.gen | v2017.01.08.03 |
| McAfee | PWS-Zbot-FBCJ!BFB2EA975738 | 5600.6160 |
| Microsoft Security Essentials | VirTool:Win32/VBInject.gen!JD | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Krypt.Q | 18.0.0.24 |
| Norman | Injector.EKTO | 11.20170108 |
| nProtect | Trojan/W32.Agent.155841 | 13.08.23.03 |
| Panda Antivirus | Generic Malware | 17.01.08.03 |
| Sophos | Mal/Generic-S | 4.91 |
| Total Defense | Win32/Inject.EVUEPMC | 37.0.10498 |
| Trend Micro House Call | TROJ_GEN.R0CBZ07FQ13 | 7.2.8 |
| Trend Micro | TROJ_GEN.R0CBZ07FQ13 | 10.465.08 |
| Vba32 AntiVirus | Trojan.MSIL.Zapchast | 3.12.22.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 20794 |

File size:
152.2 KB (155,841 bytes)

Product version:
1.08.0005

Copyright:
Intergla hexapla\' improvis 1990-2003

Original file name:
Miscensu mirkish.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\foldername\dos.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
10/24/2007 7:30:00 PM

Valid to:
10/24/2009 7:29:59 PM

Subject:
CN=Heaventools Software, O=Heaventools Software, STREET=101-1001 West Broadway Dept. 381, L=Vancouver, S=BC, PostalCode=V6H4E4, C=CA

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
009F1730A374EFEA42ED0D1B504DA8F981

File PE Metadata
Compilation timestamp:
6/8/2013 8:34:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1668

Entry point:
68, B4, 17, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 7A, B7, 77, 75, 17, 9C, 1E, 45, 8C, 8D, CD, 3F, DC, B7, 13, 5D, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 53, 63, 61, 6C, 65, 57, 41, 6E, 67, 61, 72, 69, 61, 74, 69, 6F, 6E, 00, 20, 20, 3D, 20, 00, 00, 00, 00, 01, 00, 03, 00, 38, 24, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 1C, 25, 40, 00, 44, 10, 41, 00, 00, 00, 00, 00, E0, 47, 18, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
64 KB (65,536 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Key Name

Command:
C:\users\{user}\appdata\roaming\foldername\dos.exe

