f46ac1a243dbd99ba7062da53b48e36b

Strabism

The file f46ac1a243dbd99ba7062da53b48e36b, “Block Level Backup” has been detected as malware by 28 anti-virus scanners.
Product:
Strabism

Description:
Block Level Backup

Version:
1.0.0.0

MD5:
f46ac1a243dbd99ba7062da53b48e36b

SHA-1:
c007fef12d4f9afd7bfbaa86ce330ad05e6f3e57

SHA-256:
2d6a03aa9a578344e44a07e10d9b264abb51a3847ed3f264660a0c1b1857e5c7

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/20/2024 1:06:23 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.1979846
804

AhnLab V3 Security
Malware/Win32.Generic
2014.11.20

Avira AntiVirus
TR/Dropper.MSIL.97012
7.11.187.200

avast!
Win32:Trojan-gen
2014.9-141123

AVG
MSIL5
2015.0.3282

Baidu Antivirus
Backdoor.Win32.Backoff
4.0.3.141123

Bitdefender
Trojan.GenericKD.1979846
1.0.20.1635

Dr.Web
Trojan.PWS.Stealer.13199
9.0.1.0327

Emsisoft Anti-Malware
Trojan.GenericKD.1979846
8.14.11.23.09

ESET NOD32
MSIL/Injector.GIP (variant)
8.10753

Fortinet FortiGate
W32/Backoff.DF!tr.bdr
11/23/2014

F-Prot
W32/Trojan3.MED
v6.4.7.1.166

F-Secure
Trojan.GenericKD.1979846
11.2014-23-11_1

G Data
Trojan.GenericKD.1979846
14.11.24

IKARUS anti.virus
Backdoor.Win32.Backoff
t3scan.1.8.3.0

Kaspersky
Backdoor.Win32.Backoff
14.0.0.2903

Malwarebytes
Trojan.Passwords.MSIL
v2014.11.23.09

McAfee
RDN/Generic BackDoor!b2p
5600.6938

MicroWorld eScan
Trojan.GenericKD.1979846
15.0.0.981

NANO AntiVirus
Trojan.Win32.Backoff.diyazd
0.28.6.63474

Norman
Troj_Generic.XIEYZ
11.20141123

nProtect
Trojan.GenericKD.1979846
14.11.20.01

Panda Antivirus
Trj/Zbot.M
14.11.23.09

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Quick Heal
Backdoor.Back.r3
11.14.14.00

Sophos
Mal/MSIL-KL
4.98

Trend Micro House Call
Suspicious_GEN.F47V1117
7.2.327

VIPRE Antivirus
Trojan.Win32.Generic
34956

File size:
255.5 KB (261,632 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
Strabism.exe

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\91\f46ac1a243dbd99ba7062da53b48e36b

File PE Metadata
Compilation timestamp:
11/16/2014 12:12:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:/lIa13U16XmP1DdVmdK4wuT/w5WgvNaU7X9h:l13UYXmP1q04wxVkUZh

Entry address:
0x3094E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
6.9146

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
186.5 KB (190,976 bytes)
