google.exe

Katherina Walensky

The executable google.exe has been detected as malware by 27 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘HKCU’.
Publisher:
Katherina Walensky

Version:
1, 0, 0, 1

MD5:
7891cd82bbaae9b6a0c91735f06b41d6

SHA-1:
a0977d8f18f08c1831258bab1bdf7bb9316d96b3

SHA-256:
bdff01e9afbf6abcec5c16eb4a5f0bd311796ac1d624e0d67389ae1935a86c8c

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
5/3/2024 4:38:03 AM UTC

Scan engine                    Detection                         Engine version
AhnLab V3 Security             Trojan/Win32.Refroso              2013.07.29
Avira AntiVirus                TR/Crypt.MWPM.Gen                 7.11.93.148
AVG                            Generic25                         2015.0.3576
Bitdefender                    Trojan.Generic.KDV.353716         1.0.20.165
Comodo Security                UnclassifiedMalware               16668
Dr.Web                         Trojan.Siggen3.28688              9.0.1.033
Emsisoft Anti-Malware          Trojan.Generic.KDV.353716         8.14.02.02.07
ESET NOD32                     Win32/Packed.MoleboxVS (variant)  8.8621
Fortinet FortiGate             W32/Injector.DH!tr                2/2/2014
F-Prot                         W32/Bifrost.AD.gen                v6.4.7.1.166
F-Secure                       Trojan.Generic.KDV.353716         11.2014-02-02_1
G Data                         Trojan.Generic.KDV.353716         14.2.22
IKARUS anti.virus              Backdoor.Win32.Xtrat              t3scan.2.0.3.0
K7 AntiVirus                   Backdoor                          13.170.9117
Kaspersky                      HEUR:Trojan.Win32.Generic         14.0.0.4373
Malwarebytes                   Backdoor.Xtrat                    v2014.02.02.07
McAfee                         Artemis!7891CD82BBAA              5600.7232
Microsoft Security Essentials  Backdoor:Win32/Xtrat.A            1.163.1557.0
MicroWorld eScan               Trojan.Generic.KDV.353716         15.0.0.99
NANO AntiVirus                 Trojan.Win32.Bifrost.prcmr        0.24.0.53571
Norman                         Troj_Generic.MXAIO                11.20140202
Panda Antivirus                Trj/Thed.M                        14.02.02.07
Sophos                         Troj/SSonce-B                     4.91
Trend Micro House Call         TROJ_GEN.R047C0DGF13              7.2.33
Trend Micro                    TROJ_GEN.R047C0DGF13              10.465.02
Vba32 AntiVirus                Trojan.Refroso                    3.12.22.2
VIPRE Antivirus                Trojan.Win32.Generic              19958

File size:
1014.3 KB (1,038,678 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (c) 2013, Katherina Walensky

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\installdir\google.exe

File PE Metadata
Compilation timestamp:
7/24/2011 11:45:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
24576:rCTFDUy3JHPRg2aoISf8DHAxnxq28l3aEhmKZm:rCxBJpwvVDqxTUaEEF

Entry address:
0x1280

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 01, 00, 00, 00, FF, 15, 1C, 83, 00, 10, E8, B8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 1C, 83, 00, 10, E8, 98, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 34, 83, 00, 10, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 28, 83, 00, 10, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 83, 3D, 10, B1, 00, 10, 00, 75, 0A, C7, 05, 10, B1, 00, 10, E8, 61, 00, 10, A1, 10, B1, 00, 10, 5D, C3, 55, 89, E5...
 

Packer / compiler:
MingWin32 - Dev C++ v4.x (h)

Code size:
21 KB (21,504 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HKCU

Command:
C:\users\{user}\appdata\roaming\installdir\google.exe


Remove google.exe - Powered by Reason Core Security