dslman_aj.exe

DSL Modem configurator

Gemfor s.r.o.

The executable dslman_aj.exe, “T-Mobile DSL Manager”, has been detected as malware by 10 anti-virus scanners.
Publisher:
Gemfor s.r.o.  (signed and verified)

Product:
DSL Modem configurator

Description:
T-Mobile DSL Manager

Version:
2013-06-18

MD5:
a831093f335eb82bbf32a2b8d1bec9ec

SHA-1:
1308756a875eff0bf138caa31bc2f572c18c3777

SHA-256:
08f4a505e51bb2bb6d5a7a4b24439deaa659f30af1616775f309cb259022c20f

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/24/2024 2:26:21 AM UTC

Scan engine               Detection                  Engine version
Bitdefender               Gen:Variant.Symmi.34277    1.0.20.1475
Bkav FE                   W32.Cloda1a.Trojan         1.3.0.4562
Emsisoft Anti-Malware     Gen:Variant.Symmi.34277    8.16.10.21.01
F-Secure                  Gen:Variant.Symmi.34277    11.2016-21-10_6
G Data                    Gen:Variant.Symmi.34277    16.10.22
IKARUS anti.virus         Win32.SuspectCrc           t3scan.2.2.29
McAfee                    Artemis!A831093F335E       5600.6240
MicroWorld eScan          Gen:Variant.Symmi.34277    17.0.0.885
Panda Antivirus           Suspicious file            16.10.21.01
Trend Micro House Call    TROJ_GEN.F47V1023          7.2.295

File size:
344.9 KB (353,128 bytes)

Product version:
2013-06-18

Original file name:
dslman.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/4/2012 2:00:00 AM

Valid to:
4/17/2015 2:59:59 AM

Subject:
CN=Gemfor s.r.o., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Gemfor s.r.o., L=Roztoky, S=n/a, C=CZ

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
34EB74104740AD22B9D9FC676F814A03

File PE Metadata
Compilation timestamp:
6/18/2013 6:26:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:NdZf7jTsQ9qnKbr5WoAD42N89UzBedBkKgQX368faAfbqmjI8:zZDjTH9Jr5Wf4Q/EdBkIn68f5DvU8

Entry address:
0x2936C

Entry point:
55, 8B, EC, 6A, FF, 68, 60, C5, 42, 00, 68, 3C, 95, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, B8, B3, 42, 00, 59, 83, 0D, 54, 67, 43, 00, FF, 83, 0D, 58, 67, 43, 00, FF, FF, 15, B4, B3, 42, 00, 8B, 0D, 2C, 67, 43, 00, 89, 08, FF, 15, B0, B3, 42, 00, 8B, 0D, 28, 67, 43, 00, 89, 08, A1, AC, B3, 42, 00, 8B, 00, A3, 50, 67, 43, 00, E8, 5E, 01, 00, 00, 39, 1D, 48, 5B, 43, 00, 75, 0C, 68, 38, 95, 42, 00, FF, 15...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
165 KB (168,960 bytes)

Windows Firewall Allowed Program
Name:
dslman_aj.exe

