ea8a2840-sample

VIST

The file ea8a2840-sample by VIST has been detected as a potentially unwanted program by 32 anti-malware scanners.
Publisher:
VIST  (signed and verified)

MD5:
5b721621de17794176b31e067047d356

SHA-1:
de699a3782c4f1b560805176fd24414ef1daeb86

SHA-256:
5cd3ede07c830adc8d607eea78fe7c83173041489f72814e71a4c9b261006fb0

Scanner detections:
32 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 1:52:32 AM UTC

Scan engine                    Detection                              Engine version

Lavasoft Ad-Aware              Gen:Variant.Symmi.38439                765
AhnLab V3 Security             Malware/Win32.Generic                  2014.11.02
Avira AntiVirus                TR/Crypt.XPACK.Gen2                    7.11.182.172
avast!                         Win32:LoadMoney-EB [PUP]               2014.9-141231
AVG                            Win32/Cryptor                          2015.0.3243
Baidu Antivirus                Trojan.Win32.Kryptik                   4.0.3.141231
Bitdefender                    Gen:Variant.Symmi.38439                1.0.20.1825
Comodo Security                ApplicUnwnt.Win32.Hoax.ArchSMS.BMPC    19960
Dr.Web                         Trojan.LoadMoney.15                    9.0.1.0365
Emsisoft Anti-Malware          Gen:Variant.Symmi.38439                8.14.12.31.08
ESET NOD32                     Win32/Kryptik.BUDO (variant)           8.10654
Fortinet FortiGate             W32/Kryptik.BVDG!tr                    12/31/2014
F-Prot                         W32/LoadMoney.X7.gen                   v6.4.7.1.166
F-Secure                       Gen:Variant.Symmi.38439                11.2014-31-12_4
G Data                         Gen:Variant.Symmi.38439                14.12.24
IKARUS anti.virus              Win32.SuspectCrc                       t3scan.1.8.3.0
K7 AntiVirus                   Trojan                                 13.185.13866
Kaspersky                      not-a-virus:HEUR:Downloader.Win32.LMN  14.0.0.2711
Malwarebytes                   PUP.Optional.LoadMoney.A               v2014.12.31.08
McAfee                         Packed-AH!5B721621DE17                 5600.6899
Microsoft Security Essentials  TrojanDownloader:Win32/Ogimant.A       1.11104
MicroWorld eScan               Gen:Variant.Symmi.38439                15.0.0.1095
NANO AntiVirus                 Trojan.Win32.LoadMoney.ctttdi          0.28.6.62995
Norman                         Kelihos.TJU                            11.20141231
Qihoo 360 Security             HEUR/QVM07.1.Malware.Gen               1.0.0.1015
Rising Antivirus               PE:Malware.XPACK-HIE/Heur!1.9C48       23.00.65.141229
Sophos                         Troj/LdMon-E                           4.98
Total Defense                  Win32/Tnega.GYKPLVC                    37.0.11258
Trend Micro House Call         TROJ_GEN.R08NC0DJQ14                   7.2.365
Trend Micro                    TROJ_GEN.R08NC0DJQ14                   10.465.31
Vba32 AntiVirus                Malware-Cryptor.Limpopo                3.12.26.3
VIPRE Antivirus                Trojan.Win32.Generic.pak!cobra         34424

File size:
106.4 KB (108,928 bytes)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/20/2014 3:30:00 AM

Valid to:
1/21/2015 3:29:59 AM

Subject:
CN=VIST, O=VIST, STREET="Chistova, 6A", L=Moscow, S=Moscowskaya oblast, PostalCode=109390, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
204E717AF42FC1AC4E22F179E6AF42F3

File PE Metadata
Compilation timestamp:
2/1/2014 1:55:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
40.0

CTPH (ssdeep):
1536:GwsNgdLgrcGnotA2EkHMsKbXFfMPx2i9dgso+V70aeTx7IkpAZMLDJJdNV5U:bVon3ro9Do+VV4xrk4JD7U

Entry address:
0x78AE

Entry point:
55, 8B, EC, 6A, FF, 68, B0, 45, 41, 00, 68, 30, 7A, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 08, 31, 41, 00, 59, 83, 0D, 28, 46, 41, 00, FF, 83, 0D, 2C, 46, 41, 00, FF, FF, 15, 0C, 31, 41, 00, 8B, 0D, CC, 45, 41, 00, 89, 08, FF, 15, 10, 31, 41, 00, 8B, 0D, C8, 45, 41, 00, 89, 08, A1, 14, 31, 41, 00, 8B, 00, A3, 30, 46, 41, 00, E8, 10, 01, 00, 00, 39, 1D, 70, 45, 41, 00, 75, 0C, 68, 2A, 7A, 40, 00, FF, 15, 18, 31...

Entropy:
6.8937

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
71.5 KB (73,216 bytes)
