final.exe

The executable final.exe has been detected as malware by 27 anti-virus scanners.
Publisher:
Microsoft*  (Invalid match)

Product:
Microsoft

Version:
6.0.0.0

MD5:
60c23e9a832bb6335757d025460c8644

SHA-1:
c11ce30e901bd2d023677452451441bc7eb4f0d0

SHA-256:
d4766e4076255e76bd629af0ab436381e116458ed0a5042b93e1d0e568f552a5

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/20/2024 12:54:52 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.133601 | 675
Avira AntiVirus | TR/Kazy.133601 | 7.11.150.216
AVG | Boxed | 2016.0.3153
Baidu Antivirus | Backdoor.Win32.Xtreme | 4.0.3.1541
Bitdefender | Gen:Variant.Kazy.133601 | 1.0.20.455
Comodo Security | UnclassifiedMalware | 18306
Dr.Web | Trojan.Siggen3.28688 | 9.0.1.091
Emsisoft Anti-Malware | Gen:Variant.Kazy.133601 | 8.15.04.01.06
ESET NOD32 | Win32/Remtasu | 9.9831
Fortinet FortiGate | W32/Remtasu.S | 4/1/2015
F-Secure | Gen:Variant.Kazy.133601 | 11.2015-01-04_4
G Data | Gen:Variant.Kazy.133601 | 15.4.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0
K7 AntiVirus | Backdoor | 13.178.12155
Kaspersky | Backdoor.Win32.Xtreme | 14.0.0.2259
McAfee | RDN/Generic.dx!c2u | 5600.6809
MicroWorld eScan | Gen:Variant.Kazy.133601 | 16.0.0.273
NANO AntiVirus | Trojan.Win32.Xtreme.codwcr | 0.28.0.59921
Norman | Suspicious_Gen4.BKDGR | 11.20150401
nProtect | Backdoor/W32.Xtreme.88576.B | 14.05.21.01
Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-MSFake | 9962
Trend Micro House Call | TROJ_GEN.R0CBC0PKC13 | 7.2.91
Trend Micro | TROJ_GEN.R0CBC0PKC13 | 10.465.01
VIPRE Antivirus | Trojan.Win32.Generic | 29456
Zillya! Antivirus | Backdoor.Xtreme.Win32.10272 | 2.0.0.1797

File size:
86.5 KB (88,576 bytes)

Product version:
6.0.0.0

Copyright:
Copyright © 2012

Trademarks:
Microsoft

Original file name:
WindowsApplication5.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\final.exe

File PE Metadata
Compilation timestamp:
5/26/2012 3:51:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:KjZuVps8cz2o9cFE8Rvx3wpWeISU8rf8eU4T/qSdRT7txq+JHZfgWb:AZOyjcBRvBwpVISU8rf8eU+/JdRT7zVZ

Entry address:
0x16A5A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.3819

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
83 KB (84,992 bytes)
