gujcorla.ilv

Access Control List Editor

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case; the file is designed only to look like a legitimate Microsoft system file. The file gujcorla.ilv, "Access Control List Editor", has been detected as malware by 27 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Access Control List Editor

Version:
10.0.10041.0 (fbl_impressive.150313-1821)

MD5:
cb99c0261cd4e285332cdaa898481c08

SHA-1:
f134281355e592032540940ff6063cc47af42bb0

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/19/2024 6:54:26 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.590175 | 647 |
| Agnitum Outpost | Backdoor.Papras | 7.1.1 |
| AhnLab V3 Security | Backdoor/Win32.Vawtrak | 2015.04.19 |
| avast! | Win32:Malware-gen | 2014.9-150428 |
| AVG | Crypt4 | 2016.0.3125 |
| Baidu Antivirus | Backdoor.Win32.Papras | 4.0.3.15428 |
| Bitdefender | Gen:Variant.Kazy.590175 | 1.0.20.590 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.590175 | 8.15.04.28.04 |
| ESET NOD32 | Win32/Kryptik.DEFH (variant) | 9.11496 |
| Fortinet FortiGate | W32/Kryptik.DDZW!tr | 4/28/2015 |
| F-Secure | Trojan:W32/Dridex.D | 11.2015-28-04_3 |
| G Data | Gen:Variant.Kazy.590175 | 15.4.25 |
| IKARUS anti.virus | Trojan.Win32.Crypt | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.202.15640 |
| Kaspersky | Backdoor.Win32.Papras | 14.0.0.2122 |
| McAfee | RDN/Generic BackDoor!bcl | 5600.6781 |
| Microsoft Security Essentials | Backdoor:Win32/Vawtrak.F | 1.1.11502.0 |
| MicroWorld eScan | Gen:Variant.Kazy.590175 | 16.0.0.354 |
| NANO AntiVirus | Trojan.Win32.Papras.dqhcib | 0.30.16.1110 |
| Norman | Troj_Generic.ZXAQL | 11.20150428 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.28.04 |
| Qihoo 360 Security | HEUR/QVM39.1.Malware.Gen | 1.0.0.1015 |
| Sophos | Mal/EncPk-AQV | 4.98 |
| Trend Micro House Call | TROJ_GEN.R021C0DDD15 | 7.2.118 |
| Trend Micro | TROJ_GEN.R021C0DDD15 | 10.465.28 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39470 |

File size:
272.6 KB (279,096 bytes)

Product version:
10.0.10041.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
acledit.dll

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\pexulefte\gujcorla.ilv

File PE Metadata
Compilation timestamp:
4/3/2015 5:23:10 AM

OS version:
4.2

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
0.36

CTPH (ssdeep):
3072:o7KzYXW7GjGhc3wWsoKOJEmRGv1wVOSFMri7jqqYJIAbLHPVZjiIToOI6aGSZw4v:oWaAVoKOJLA2tF7jqqyLvVZxT6KQ

Entry address:
0x8110

Entry point:
55, 89, E5, 53, 56, 57, 81, EC, D0, 02, 00, 00, 8B, 45, 10, 8B, 4D, 0C, 8B, 55, 08, C7, 85, 74, FE, FF, FF, 40, 00, 00, 00, BE, 40, 00, 00, 00, C7, 85, 7C, FE, FF, FF, 20, 00, 00, 00, BF, 20, 00, 00, 00, C7, 85, 78, FE, FF, FF, 00, 00, 00, 00, 31, DB, C7, 45, AC, 37, 00, 00, 00, 89, 85, 6C, FD, FF, FF, B8, 37, 00, 00, 00, C7, 85, 84, FE, FF, FF, 01, 00, 00, 00, 89, 85, 68, FD, FF, FF, B8, 01, 00, 00, 00, C7, 85, 88, FE, FF, FF, 00, 00, 00, 00, C7, 85, 70, FD, FF, FF, 00, 00, 00, 00, 66, C7, 45, A6, 3C, 6F...
 

Entropy:
7.4798

Code size:
32 KB (32,768 bytes)
