gmod express menu v3.98 made by elusivehackingteam.exe

Remote Service Application

Microsoft Corp.

The executable gmod express menu v3.98 made by elusivehackingteam.exe has been detected as malware by 42 anti-virus scanners. The file has been seen being downloaded from www.qfpost.com.
Publisher:
Microsoft Corp.

Product:
Remote Service Application

Version:
1, 0, 0, 1

MD5:
e0033cc044efa9f90712fb6f22a14154

SHA-1:
835b164581e326bec6b69616a5ee2bb916ae51a8

SHA-256:
7732fe6ecd66ec521231e561b1a602c5211c2507840d94cfa841331d820fc27a

Scanner detections:
42 / 68

Status:
Malware

Analysis date:
4/24/2024 7:11:33 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Backdoor.Fynloski.C | 995 |
| AhnLab V3 Security | Backdoor/Win32.Graybird | 14.05.15 |
| Avira AntiVirus | BDS/Backdoor.Gen | 7.11.30.172 |
| avast! | Win32:Agent-ASXK [Trj] | 2014.9-140515 |
| AVG | BackDoor.Delf | 2015.0.3473 |
| Baidu Antivirus | Backdoor.Win32.DarkKomet | 4.0.3.14515 |
| Bitdefender | Backdoor.Fynloski.C | 1.0.20.675 |
| Bkav FE | W32.OnGamesLTKVPOK.Trojan | 1.3.0.4959 |
| Clam AntiVirus | WIN.Trojan.DarkKomet | 0.98/18989 |
| Comodo Security | Backdoor.Win32.Agent.XAB | 17930 |
| Dr.Web | BackDoor.Comet.884 | 9.0.1.0135 |
| Emsisoft Anti-Malware | Backdoor.Fynloski | 8.14.05.15.01 |
| ESET NOD32 | Win32/Fynloski.AA | 8.9545 |
| Fortinet FortiGate | W32/DarkKomet.ID!tr.bdr | 5/15/2014 |
| F-Prot | W32/Downloader.C.gen | v6.4.7.1.166 |
| F-Secure | Backdoor.Fynloski.C | 11.2014-15-05_5 |
| G Data | Backdoor.Fynloski | 14.5.24 |
| IKARUS anti.virus | Trojan.Win32.CDur | t3scan.2.2.29 |
| K7 AntiVirus | Backdoor | 13.176.11451 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.3862 |
| Malwarebytes | Backdoor.Agent.DCRSAGen | v2014.05.15.01 |
| McAfee | Generic BackDoor.xa | 5600.7129 |
| Microsoft Security Essentials | Threat.Undefined | 1.173.2153.0 |
| MicroWorld eScan | Backdoor.Fynloski.C | 15.0.0.405 |
| NANO AntiVirus | Trojan.Win32.DarkKomet.cssoim | 0.28.0.58394 |
| Norman | Downloader.HJVR | 11.20140515 |
| nProtect | Trojan/W32.Agent.673280.BU | 14.03.15.01 |
| Panda Antivirus | Trj/Packed.B | 14.05.15.01 |
| Qihoo 360 Security | Malware.QVM05.Gen | 1.0.0.1015 |
| Quick Heal | Backdoor.Fynloski.A9 | 5.14.12.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.5.15.13 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12D83427!316159015 | 23.00.65.14513 |
| Sophos | Troj/Backdr-ID | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Fynloski | 10604 |
| Total Defense | Win32/Fynloski.dBUBcfD | 37.0.10818 |
| Trend Micro House Call | TROJ_AGENT_058807.TOMB | 7.2.135 |
| Trend Micro | TROJ_AGENT_058807.TOMB | 10.465.15 |
| Vba32 AntiVirus | Backdoor.DarkKomet.aagt | 3.12.24.3 |
| VIPRE Antivirus | Backdoor.Win32.Fynloski.A | 27388 |
| ViRobot | Backdoor.Win32.Agent.674304.A | 2011.4.7.4223 |
| XVirus List | Win.Detected | 2.3.31 |
| Zillya! Antivirus | Backdoor.DarkKomet.Win32.522 | 2.0.0.1789 |

File size:
756 KB (774,144 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 1999

Original file name:
MSRSAAP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/7/2012 4:59:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:D9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hDsvvQ:NZ1xuVVjfFoynPaVBUR8f+kN10EBWvvQ

Entry address:
0x8F888

Entry point:
55, 8B, EC, B9, 30, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, E0, E3, 48, 00, E8, 2F, 7E, F7, FF, 33, C0, 55, 68, 56, 06, 49, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, 2A, 07, F8, FF, A1, B0, 48, 49, 00, C6, 00, 01, E8, 21, B7, FF, FF, B2, 01, A1, 80, DE, 48, 00, E8, 19, E6, FF, FF, A3, E8, C3, 49, 00, 33, D2, 55, 68, 09, FA, 48, 00, 64, FF, 32, 64, 89, 22, 8D, 4D, EC, BA, 70, 06, 49, 00, A1, E8, C3, 49, 00, E8, 68, E6, FF, FF, 8B, 55, EC, A1, 38, 4B, 49, 00, E8, 7F, 5C, F7, FF, 8D, 55, E0...

Entropy:
6.5138

Developed / compiled with:
Microsoft Visual C++

Code size:
573 KB (586,752 bytes)

The file gmod express menu v3.98 made by elusivehackingteam.exe has been seen being distributed by the following URL.