garanti.exe

Remote Service Application

Microsoft Corp.

The executable garanti.exe has been detected as malware by 42 anti-virus scanners.
Publisher:
Microsoft Corp.

Product:
Remote Service Application

Version:
1, 0, 0, 1

MD5:
243467f8f59d80be61377e3d890ea654

SHA-1:
f555773ffcb7f6b363dc0aa4177a0d7f88f01c82

SHA-256:
5364faec932d61e2f2baade0a452e130e50dd43fb3060895f9cb7b65fdb6a0f4

Scanner detections:
42 / 68

Status:
Malware

Analysis date:
4/20/2024 3:46:04 AM UTC

Scan engine                     Detection                                   Engine version
Lavasoft Ad-Aware               Trojan.Inject.AUZ                           6373653
Agnitum Outpost                 Trojan.Comet.Gen.LO                         7.1.1
AhnLab V3 Security              Trojan/Win32.DelfInject                     2015.03.27
Avira AntiVirus                 BDS/DarkKomet.GR                            3.6.1.96
avast!                          Win32:Delf-SQI [Trj]                        150319-0
AVG                             BackDoor.Generic16                          2016.0.3158
Bitdefender                     Trojan.Inject.AUZ                           1.0.20.430
Bkav FE                         W32.OnGamesLTKVPOK.Trojan                   1.3.0.4959
Clam AntiVirus                  WIN.Trojan.DarkKomet                        0.98/20247
Comodo Security                 Backdoor.Win32.Agent.XAB                    21554
Dr.Web                          BackDoor.Comet.2020                         9.0.1.05190
Emsisoft Anti-Malware           Trojan.Inject.AUZ                           9.0.0.4799
ESET NOD32                      Win32/Fynloski.AA                           9.11385
Fortinet FortiGate              W32/DarkKomet.ID!tr.bdr                     3/27/2015
F-Prot                          W32/Downloader.C.gen                        v6.4.6.5.141
F-Secure                        Trojan.Inject.AUZ                           5.13.68
G Data                          Trojan.Inject.AUZ                           15.3.25
herdProtect (fuzzy)                                                         2015.7.2.0
IKARUS anti.virus               Backdoor.Win32.DarkKomet                    t3scan.1.8.6.0
K7 AntiVirus                    Backdoor                                    13.176.11451
Kaspersky                       Backdoor.Win32.DarkKomet                    15.0.0.543
Malwarebytes                    Backdoor.Agent.DCRSAGen                     v2015.03.27.06
McAfee                          Generic BackDoor.xa                         5600.6814
Microsoft Security Essentials   Threat.Undefined                            1.195.475.0
MicroWorld eScan                Backdoor.Fynloski.C                         16.0.0.258
NANO AntiVirus                  Trojan.Win32.DarkKomet.cssoim               0.28.0.58394
Norman                          Backdoor.Fynloski.C                         03.12.2014 13:20:04
nProtect                        Trojan/W32.Agent.673280.BU                  14.03.15.01
Panda Antivirus                 Trj/Packed.B                                15.03.27.06
Qihoo 360 Security              Malware.QVM05.Gen                           1.0.0.1015
Quick Heal                      Backdoor.Fynloski.A9                        3.15.12.00
Reason Heuristics               Threat.Win.Reputation.IMP                   15.4.1.11
Rising Antivirus                PE:Trojan.Win32.Generic.12DBE314!316400404  23.00.65.15325
Sophos                          Troj/Backdr-ID                              4.98
SUPERAntiSpyware                Trojan.Agent/Gen-Fynloski                   9972
Total Defense                   Win32/Fynloski.A!generic                    37.0.11516
Trend Micro House Call          BKDR_FYNLOS.SMM                             7.2.86
Trend Micro                     BKDR_FYNLOS.SMM                             10.465.27
Vba32 AntiVirus                 Backdoor.DarkKomet                          3.12.26.3
VIPRE Antivirus                 Threat.4733922                              38552
ViRobot                         Backdoor.Win32.Agent.674304.A[h]            2014.3.20.0
Zillya! Antivirus               Trojan.Fynloski.Win32.3190                  2.0.0.2118

File size:
658 KB (673,792 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 1999

Original file name:
MSRSAAP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\garanti.exe

File PE Metadata
Compilation timestamp:
6/7/2012 6:59:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hm:mZ1xuVVjfFoynPaVBUR8f+kN10EBI

Entry address:
0x8F888

Entry point:
55, 8B, EC, B9, 30, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, E0, E3, 48, 00, E8, 2F, 7E, F7, FF, 33, C0, 55, 68, 56, 06, 49, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, 2A, 07, F8, FF, A1, B0, 48, 49, 00, C6, 00, 01, E8, 21, B7, FF, FF, B2, 01, A1, 80, DE, 48, 00, E8, 19, E6, FF, FF, A3, E8, C3, 49, 00, 33, D2, 55, 68, 09, FA, 48, 00, 64, FF, 32, 64, 89, 22, 8D, 4D, EC, BA, 70, 06, 49, 00, A1, E8, C3, 49, 00, E8, 68, E6, FF, FF, 8B, 55, EC, A1, 38, 4B, 49, 00, E8, 7F, 5C, F7, FF, 8D, 55, E0...

Developed / compiled with:
Microsoft Visual C++

Code size:
573 KB (586,752 bytes)
