elevator.exe

TODO:

DeviceVM Inc.

The executable elevator.exe, “TODO: <File description>” has been detected as malware by 10 anti-virus scanners.
Publisher:
TODO: <Company name>  (signed by DeviceVM Inc.)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
7cdc037e798ed02f9bcbe74bce888a67

SHA-1:
c207e39f939a3f7f79d1b41b4b17a8a6f2378cbc

SHA-256:
50756101688fec77ed706b307023992907f829c4a4a9ee1851e5712d626daeb0

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/19/2024 12:42:55 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Mabezat [Wrm] | 160327-1 |
| AVG | Win32/Mabezat | 2015.0.4530 |
| Dr.Web | Win32.HLLW.Tazebama | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Worm.Mabezat.Gen | 11.5.0.6191 |
| ESET NOD32 | Win32/Mabezat.A virus | 7.0.302.0 |
| F-Prot | W32/Mabezat.A-2 | 4.6.5.141 |
| Kaspersky | Worm.Win32.Mabezat | 15.0.0.562 |
| McAfee | Virus.W32/Mabezat.a | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.219.58.0 |
| Norman | Win32.Worm.Mabezat.Gen | 02.04.2016 17:35:19 |

File size:
468.3 KB (479,551 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
SelfElevator.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\elevator.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/4/2007 4:45:02 PM

Valid to:
10/4/2008 4:45:02 PM

Subject:
E=info@devicevm.com, CN=DeviceVM Inc., O=DeviceVM Inc., C=US

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
010000000001156B7A0EE9

File PE Metadata
Compilation timestamp:
2/21/2008 9:24:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:pwuZo9oH90nPVvUYlDY5EgcZyuqUbZqOYrTlz4ChcEPHqZiguX8wbF2KOVPZrfMy:snPmYl05EgcyuqUF6F4tEPHah5RZrN

Entry address:
0x1CBB5

Entry point:
BB, 6F, BC, 97, 27, 93, E9, 20, 01, 00, 00, 75, 1B, 7E, 7A, 26, AA, 7E, 7A, CE, EB, 02, FE, FE, 7E, FE, FE, 03, FE, FE, FE, 5D, 2F, 34, 2F, 2E, 2F, 37, 35, 34, FE, FE, FE, 72, 5F, 78, 63, 60, 5F, 6B, 5F, 2C, 62, 6A, 6A, FE, FE, FE, FE, 5A, FE, FE, FE, 44, 70, 63, 63, 4A, 67, 60, 70, 5F, 70, 77, FE, 41, 70, 63, 5F, 72, 63, 42, 67, 70, 63, 61, 72, 6D, 70, 77, 3F, FE, FE, FE, FE, 45, 63, 72, 55, 67, 6C, 62, 6D, 75, 71, 42, 67, 70, 63, 61, 72, 6D, 70, 77, 3F, FE, FE, FE, FE, 45, 63, 72, 4B, 6D, 62, 73, 6A, 63...
 

Code size:
200 KB (204,800 bytes)
