fff6df136635047b3bedf2711c5af6a7

The file fff6df136635047b3bedf2711c5af6a7 has been detected as malware by 25 anti-virus scanners.
Version:
0.0.0.0

MD5:
fff6df136635047b3bedf2711c5af6a7

SHA-1:
f95c36e16c8f47a3f4aae9f2cdc0ed68208f4b07

SHA-256:
eeb4be6b3d830f09e4942514d47b89687115256e0ce74e9029c0a7b429f3f6c3

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/18/2024 10:41:49 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.472671 | 804 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2014.11.20 |
| Avira AntiVirus | TR/Dropper.MSIL.97802 | 7.11.187.200 |
| avast! | Win32:Trojan-gen | 2014.9-141123 |
| AVG | MSIL5 | 2015.0.3282 |
| Baidu Antivirus | Trojan.Win32.Neurevt | 4.0.3.141123 |
| Bitdefender | Gen:Variant.Kazy.472671 | 1.0.20.1635 |
| Comodo Security | UnclassifiedMalware | 20140 |
| Dr.Web | Trojan.Betabot.3 | 9.0.1.0327 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.472671 | 8.14.11.23.09 |
| ESET NOD32 | MSIL/Injector.GIO (variant) | 8.10753 |
| Fortinet FortiGate | W32/Neurevt.BDS!tr | 11/23/2014 |
| F-Secure | Gen:Variant.Kazy.472671 | 11.2014-23-11_1 |
| G Data | Gen:Variant.Kazy.472671 | 14.11.24 |
| IKARUS anti.virus | Trojan.Win32.Neurevt | t3scan.1.8.3.0 |
| Kaspersky | Trojan.Win32.Neurevt | 14.0.0.2903 |
| Malwarebytes | Backdoor.Agent.SBFGen | v2014.11.23.09 |
| McAfee | RDN/Generic.dx!dh3 | 5600.6938 |
| MicroWorld eScan | Gen:Variant.Kazy.472671 | 15.0.0.981 |
| NANO AntiVirus | Trojan.Win32.Neurevt.djcapz | 0.28.6.63474 |
| Panda Antivirus | Trj/CI.A | 14.11.23.09 |
| Qihoo 360 Security | Win32/Trojan.81f | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H06KJ14 | 7.2.327 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34956 |

File size:
724 KB (741,376 bytes)

Product version:
0.0.0.0

Original file name:
nd1.exe

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\91\fff6df136635047b3bedf2711c5af6a7

File PE Metadata
Compilation timestamp:
11/16/2014 6:57:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:HN3evL2ctGNvLwv1eQII9q/7eiIo6GvKCUZz4WtefqHG5GYu68F20Al1WUHb:H6PkMNxIOmtodxtrHcGZF20A1

Entry address:
0xB1B4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9392

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
704 KB (720,896 bytes)
