fpplbdxm.exe

The executable fpplbdxm.exe has been detected as malware by 28 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘qfinmkwp’.
MD5: 515748e1d233e3426bc8a88ee00bc86e
SHA-1: 53d57c53e923cfaf25c3cf91f580ff3e10ee45e0
SHA-256: ead43398de9dea592ae785168ed320d9ebb3ac6e35a9f0beb354e420a01cdc00
Scanner detections: 28 / 68
Status: Malware
Analysis date: 4/26/2024 5:21:10 PM UTC

Scan engine                    Detection                                    Engine version
Lavasoft Ad-Aware              Gen:Variant.Kazy.482832                      828
AhnLab V3 Security             Trojan/Win32.Agent                           2014.10.30
Avira AntiVirus                TR/Agent.CODY                                7.11.182.78
avast!                         Win32:Malware-gen                            141025-0
AVG                            Crypt3                                       2015.0.3306
Bitdefender                    Gen:Variant.Kazy.482832                      1.0.20.1515
Comodo Security                TrojWare.Win32.Kryptik.CNUR                  19942
Dr.Web                         BackDoor.Kuluoz.68                           9.0.1.05190
Emsisoft Anti-Malware          Gen:Variant.Kazy.482832                      8.14.10.30.10
ESET NOD32                     Win32/Kryptik.CODY (variant)                 8.10643
Fortinet FortiGate             W32/Kryptik.CNUR!tr                          10/30/2014
F-Prot                         W32/A-40cb1160                               v6.4.7.1.166
F-Secure                       Gen:Variant.Kazy.482832                      11.2014-30-10_5
G Data                         Gen:Variant.Kazy.482832                      14.10.24
Kaspersky                      HEUR:Trojan.Win32.Generic                    14.0.0.3023
Malwarebytes                   Trojan.Krypt                                 v2014.10.30.10
McAfee                         Downloader-FAHQ!515748E1D233                 5600.6962
Microsoft Security Essentials  Threat.Undefined                             1.187.640.0
NANO AntiVirus                 Trojan.Win32.Yakes.dhcpzt                    0.28.6.62995
Norman                         Heur.I                                       11.20141030
Qihoo 360 Security             Win32/Trojan.579                             1.0.0.1015
Rising Antivirus               PE:Trojan.Win32.Generic.17841701!394532609   23.00.65.141028
Sophos                         Mal/Generic-S                                4.98
SUPERAntiSpyware               Trojan.Agent/Gen-Yakes                       10268
Total Defense                  Win32/Kuluoz.VVaQNL                          37.0.11254
Trend Micro House Call         TROJ_GEN.R08NC0DJS14                         7.2.303
Trend Micro                    TROJ_GEN.R08NC0DJS14                         10.465.30
VIPRE Antivirus                Trojan.Win32.Generic.pak!cobra               34364

File size: 257.5 KB (263,680 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\Documents and Settings\{user}\Application data\fpplbdxm.exe

File PE Metadata
Compilation timestamp: 10/22/2014 10:38:31 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 7.0
CTPH (ssdeep): 3072:l68FXVzvpiSHrh8wHw4ff0PfUof7croAt29id1AKCv4u1AKCv4aHG:xV9i2VbQWf0YoAt29MeKCvPeKCvRm
Entry address: 0x103C
Entry point: 6A, 00, FF, 15, FC, 14, 40, 00, A3, B5, 10, 40, 00, 74, 00, E8, F8, 07, 00, 00, FF, 35, ED, 10, 40, 00, FF, 15, D8, 14, 40, 00, 61, 68, 6A, 20, 6D, 62, 6E, 6D, 62, 71, 20, 77, 71, 00, 66, 64, 6E, 66, 6E, 67, 66, 6E, 00, 68, 66, 6A, 00, 31, 32, 33, 31, 20, 65, 77, 65, 72, 65, 64, 2E, 00, 34, 33, 74, 34, 33, 36, 34, 33, 37, 6E, 35, 33, 6E, 2E, 00, 72, 72, 74, 79, 6E, 34, 33, 33, 72, 72, 72, 72, 72, 72, 72, 72, 72, 2E, 00, 31, 33, 34, 33, 37, 35, 37, 2E, 35, 36, 37, 35, 37, 36, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy: 6.6112
Packer / compiler: FASM v1.5x
Code size: 246.5 KB (252,416 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: qfinmkwp
Command: "C:\Documents and Settings\{user}\Application data\fpplbdxm.exe"
