google.exe

The executable google.exe has been detected as malware by 34 anti-virus scanners. It is configured to start automatically whenever a user logs into Windows, via the current-user Run registry key, under the display name ‘91d11f3d966b7431922651f76fe40732’. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other malicious software, and to steal sensitive information.
MD5:
9d53917f3c33302bab6ecc4d0a2976d8

SHA-1:
2719d6383bd2ff763f3530e18e18d3eac3156e09

SHA-256:
ac871cf65eea2abb6ed1bb3e2e2f12486c6b67b02b9d338630e8006b5e481051

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/20/2024 3:29:22 AM UTC

Scan engine                      Detection                          Engine version
Lavasoft Ad-Aware                Gen:Trojan.Heur.cmW@yfu!NGf        1022
Agnitum Outpost                  Trojan.DR.Agent                    7.1.1
AhnLab V3 Security               Trojan/Win32.Genome                2013.12.04
Avira AntiVirus                  TR/Dropper.Gen6                    7.11.117.166
avast!                           MSIL:Agent-YW [Trj]                2014.9-140418
AVG                              PSW.ILSpy                          2015.0.3500
Baidu Antivirus                  Trojan.Win32.Generic               4.0.3.14418
Bitdefender                      Gen:Trojan.Heur.cmW@yfu!NGf        1.0.20.540
Bkav FE                          W32.Clodf90.Trojan                 1.3.0.4562
Comodo Security                  TrojWare.MSIL.Spy.Agent.EF         17380
Dr.Web                           Win32.HLLW.Autoruner.25074         9.0.1.0108
Emsisoft Anti-Malware            Gen:Trojan.Heur.cmW@yfu!NGf        8.14.04.18.12
ESET NOD32                       MSIL/Bladabindi (variant)          8.9127
Fortinet FortiGate               MSIL/Agent.MNB!tr                  4/18/2014
F-Prot                           W32/MSIL_Troj.AP.gen               v6.4.7.1.166
F-Secure                         Gen:Trojan.Heur.cmW@yfu!NGf        11.2014-18-04_6
G Data                           Gen:Trojan.Heur.cmW@yfu!NGf        14.4.22
IKARUS anti.virus                MSIL                               t3scan.2.2.29
K7 AntiVirus                     Trojan                             13.174.10396
Kaspersky                        HEUR:Trojan.Win32.Generic          14.0.0.3997
Malwarebytes                     Backdoor.Agent.NIPGen              v2014.04.18.12
McAfee                           Generic MSIL.m                     5600.7156
Microsoft Security Essentials    Backdoor:MSIL/Bladabindi.AO        1.163.1557.0
MicroWorld eScan                 Gen:Trojan.Heur.cmW@yfu!NGf        15.0.0.324
NANO AntiVirus                   Trojan.Win32.Autoruner.bgbbfg      0.28.0.56582
Norman                           Troj_Generic.GXYHF                 11.20140418
Panda Antivirus                  Trj/CI.A                           14.04.18.12
Quick Heal                       Worm.Necast.J3                     4.14.12.00
Rising Antivirus                 PE:Worm.VBInjectEx!1.99E6          23.00.65.14416
Sophos                           Mal/MSIL-GL                        4.95
Trend Micro House Call           TROJ_SPNR.03DA13                   7.2.108
Trend Micro                      TROJ_SPNR.03DA13                   10.465.18
Vba32 AntiVirus                  TScope.Trojan.MSIL                 3.12.24.3
VIPRE Antivirus                  Trojan.Win32.Generic.pak!cobra     23988

File size:
45.5 KB (46,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\owner\google.exe

File PE Metadata
Compilation timestamp:
10/4/2012 4:26:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:RsPPNBboM6IJQ4sAy+ZxIzvsv2AReHu6L0GS8YzXB:yPk7hYHR8u6AFr

Entry address:
0xB1BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 03, 00, 03, 00, 00, 00, 28, 00, 00, 80, 0E, 00, 00, 00, 40, 00, 00, 80, 18, 00, 00, 00, 58, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 01, 00, 32, 00, 00, 00, 70, 00...
 

Entropy:
5.7757

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
36.5 KB (37,376 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
91d11f3d966b7431922651f76fe40732

Command:
"C:\users\owner\google.exe"..

