evilhookv1.exe

The executable evilhookv1.exe has been detected as malware by 27 anti-virus scanners.
MD5: f474ee8a3d85c1468b11bd7f137e0779
SHA-1: c133ea61e133be32054a0dbd497eb89fa8470687
SHA-256: 0dc835e86120f26c212ecf49c9254f78b0574381eed004e183916797ef50d773
Scanner detections: 27 / 68
Status: Malware
Analysis date: 4/28/2024 3:36:19 AM UTC

Scan engine             Detection                        Engine version
Agnitum Outpost         Trojan.Genome                    7.1.1
AhnLab V3 Security      Win-Trojan/Genome.495616.N       2013.08.11
Avira AntiVirus         TR/Gendal.495616.1               7.11.96.74
AVG                     Generic12                        2015.0.3435
Bitdefender             Trojan.Generic.309265            1.0.20.865
Clam AntiVirus          Win.Trojan.Genome-1496           0.98/18155
Comodo Security         UnclassifiedMalware              16743
Emsisoft Anti-Malware   Trojan.Generic.309265            8.14.06.22.04
ESET NOD32              Win32/Agent.NBUUEMC (variant)    8.8673
Fortinet FortiGate      W32/Genome.AFFU!tr               6/22/2014
F-Prot                  W32/SecRisk-ProcessPatcher-base  v6.4.7.1.166
F-Secure                Trojan.Generic.309265            11.2014-22-06_1
G Data                  Trojan.Generic.309265            14.6.22
IKARUS anti.virus       Trojan.Win32.Genome              t3scan.2.0.127
Kaspersky               Trojan.Win32.Genome              14.0.0.3672
McAfee                  Generic.dx!F474EE8A3D85          5600.7091
MicroWorld eScan        Trojan.Generic.309265            15.0.0.519
NANO AntiVirus          Trojan.Win32.Genome.kgchq        0.26.0.53954
Norman                  Suspicious_Gen2.TFLVD            11.20140622
nProtect                Trojan/W32.Genome.495616         13.08.09.03
Panda Antivirus         Generic Trojan                   14.06.22.04
Rising Antivirus        Trojan.Win32.Generic.11EA0E1C    23.00.65.14620
Trend Micro House Call  TROJ_SPNR.0BK111                 7.2.173
Trend Micro             TROJ_SPNR.0BK111                 10.465.22
Vba32 AntiVirus         Trojan.Genome.af                 3.12.22.3
VIPRE Antivirus         Trojan-Downloader.Generic        20366
ViRobot                 Backdoor.Win32.S.Agent.495616.G  2011.4.7.4223

File size: 484 KB (495,616 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 11/22/2007 5:25:16 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
CTPH (ssdeep): 6144:wB2Agd2b+3OmD/APMWTeYmbRVpOOVtnVNzp2HsSa3os6mTo+wua:u7gdhhD/AcYmbRVp5Xzp3S4os6mTo+
Entry address: 0x30FAF
Entry point: E9, 4C, 5D, 00, 00, E9, 57, 45, 02, 00, E9, B2, 37, 04, 00, E9, 2D, 2F, 04, 00, E9, E8, CA, 00, 00, E9, A3, 9B, 05, 00, E9, 00, E1, 05, 00, E9, F9, 88, 01, 00, E9, F4, 3A, 01, 00, E9, 3F, 6D, 00, 00, E9, 7A, CA, 00, 00, E9, 75, AD, 05, 00, E9, BE, E0, 05, 00, E9, 2B, FD, 04, 00, E9, E6, 5B, 04, 00, E9, 21, 2F, 04, 00, E9, CC, 08, 02, 00, E9, 53, 43, 00, 00, E9, 9C, 43, 00, 00, E9, ED, CC, 03, 00, E9, 60, E0, 05, 00, E9, A3, 20, 01, 00, E9, 7E, A5, 05, 00, E9, F9, A3, 05, 00, E9, 04, BA, 03, 00, E9, F3, DF...
 
Entropy: 5.4982
Developed / compiled with: Microsoft Visual C++ 8.0 (Debug)
Code size: 388 KB (397,312 bytes)
