fed8980db0d9f4eca2a893539cd66e30.pe

kl

cd

The file fed8980db0d9f4eca2a893539cd66e30.pe has been detected as malware by 28 anti-virus scanners.
Publisher:
cd

Product:
kl

Description:
ef

Version:
1.00

MD5:
fed8980db0d9f4eca2a893539cd66e30

SHA-1:
89c9baddc945fe7ad78746019f254ca56eb68d70

SHA-256:
a12dd485745444852d14e0e0c98ff9ac5abaab1409f4a534d199f8ba5cc8f6c8

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/18/2024 7:15:12 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.578785 | 5690745 |
| Agnitum Outpost | Trojan.Comet.Gen.LO | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 3.6.1.96 |
| avast! | MSIL:GenMalicious-CHX [Trj] | 150319-1 |
| AVG | Trojan horse Inject2.BTSK | 2014.0.4311 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.15425 |
| Bitdefender | Gen:Variant.Kazy.578785 | 1.0.20.575 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.578785 | 9.0.0.4799 |
| ESET NOD32 | Win32/Injector.BWIS (variant) | 9.11500 |
| Fortinet FortiGate | W32/BWIS!tr | 4/25/2015 |
| F-Secure | Gen:Variant.Kazy.578785 | 11.2015-25-04_7 |
| G Data | Gen:Variant.Kazy.578785 | 15.4.25 |
| Kaspersky | Backdoor.Win32.DarkKomet | 15.0.0.543 |
| Malwarebytes | Trojan.Agent | v2015.04.25.01 |
| McAfee | Trojan.Artemis!FED8980DB0D9 | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.197.478.0 |
| MicroWorld eScan | Gen:Variant.Kazy.578785 | 16.0.0.345 |
| NANO AntiVirus | Trojan.Win32.Llac.dpgysi | 0.30.16.1110 |
| Norman | Obfuscated.FP!genr | 11.20150425 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Generic | 15.4.25.1 |
| Rising Antivirus | PE:Trojan.VBInject!1.64B6 | 23.00.65.15423 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Fynloski | 9915 |
| Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.115 |
| Trend Micro | TROJ_FORUCON.BMC | 10.465.25 |
| VIPRE Antivirus | Threat.4657539 | 39354 |

File size:
909.7 KB (931,503 bytes)

Product version:
1.00

Copyright:
gh

Trademarks:
ij

Original file name:
crew.exe

Language:
English (United States)

Common path:
C:\users\{user}\downloads\fed8980db0d9f4eca2a893539cd66e30.pe

File PE Metadata
Compilation timestamp:
3/13/2015 8:24:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:FVVNotTAOW08Zn7CEPjjbDY3Qco4sJyj0lIdNBB5:zounDn7rjXDYA9vyjfdNz5

Entry address:
0x144C

Entry point:
7C, 90, 68, 60, 16, 40, 00, E8, EE, FF, FF, FF, FF, CC, 31, 00, 00, C7, 84, 32, 7D, BB, 15, 6F, 44, AE, BA, D0, 57, 35, BA, 9D, 7C, 97, A6, DC, AB, B7, E7, 9D, 44, 93, 11, 2D, 21, 65, A8, 38, CB, 72, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4C, 00, 00, 00, 47, 00, 00, 00, 00, 08, 00, 4D, 44, 49, 46, 6F, 72, 6D, 31, 00, 14, 01, 08, 00, 4D, 44, 49...
 

Entropy:
7.8041  (probably packed)

Code size:
28 KB (28,672 bytes)
