egmyk.exe

Anubirel

Anubirel Corporatu

The executable egmyk.exe, “Anubirel Visatl Studie 2020”, has been detected as malware by 7 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.
Publisher:
Anubirel Corporatu

Product:
Anubirel

Description:
Anubirel Visatl Studie 2020

Version:
11.2.33209.13339

MD5:
e63d3678dfdaf7e0f14be95b5261ba63

SHA-1:
d3fc05d1eaf150e4b49334a211c668fdee96b767

SHA-256:
87580d36c0605a749b00ec5c7972a4bfce8e1fb2ec2d2e58f44acb31424607f7

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/26/2024 7:16:37 AM UTC

Scan engine | Detection | Engine version
AVG | Win32/Cryptor | 2014.0.4189
Bkav FE | HW32.Packed | 1.3.0.4959
ESET NOD32 | Win32/Kryptik.CQYB trojan | 7.0.302.0
Malwarebytes | Trojan.Zemot | v2014.11.23.10
Norman | Heur.I | 11.20141123
Quick Heal | FraudTool.Security | 11.14.14.00
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.141121

File size:
272.6 KB (279,096 bytes)

Product version:
11.2.33209.13339

Copyright:
© Marsukafe Corporatien. All rights reserved.

Original file name:
bindacosh.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\muugib\egmyk.exe

File PE Metadata
Compilation timestamp:
2/8/2011 3:20:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
0.2

CTPH (ssdeep):
6144:a76RMI/3lRp1nUnwv5nmSWewbYlZRNk7eEzGwjyNuiLx5:a76b/x1nU05mSJwsJb+ANX

Entry address:
0x10648

Entry point:
55, 8B, EC, 81, EC, 54, 01, 00, 00, 8B, 0D, A4, 30, 42, 00, 81, E9, 00, A3, D2, 88, 89, 8D, E8, FE, FF, FF, 53, 8B, 95, E8, FE, FF, FF, 89, 95, E8, FE, FF, FF, 56, 03, D1, 89, 95, E8, FE, FF, FF, 57, 03, D2, 8B, B5, E8, FE, FF, FF, 89, 95, E8, FE, FF, FF, 89, B5, E8, FE, FF, FF, 89, B5, E8, FE, FF, FF, 68, 58, 30, 42, 00, FF, 15, DC, 27, 42, 00, 8B, 95, E8, FE, FF, FF, 83, FA, FA, 74, 36, 83, EA, 8C, 83, FA, EC, 75, 2E, B9, 95, 00, 00, 00, 83, EA, 74, 3B, 95, F0, FE, FF, FF, 75, 1E, 3B, 15, 50, 30, 42, 00...
 

Entropy:
7.8872

Developed / compiled with:
Microsoft Visual C++

Code size:
123.5 KB (126,464 bytes)

Scheduled Task
Task name:
Security Center Update - 859050710

Trigger:
Daily (Runs daily at 11:00 AM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin

