» HijackThis.exe
Overview
Analysis
File Details
Programs (2)
Downloads (6)

HijackThis.exe

HijackThis

Trend Micro, Inc.

This file is installed with multiple programs including Trend Micro Titanium Maximum Security and Trend Micro Titanium Internet Security. The file has been seen being downloaded from www.trendsecure.com and multiple other hosts.

File name:

HijackThis.exe

Publisher:

Trend Micro Inc. (signed by Trend Micro, Inc.)

Product:

HijackThis

Version:

2.00.0002

MD5:

e8269245566be948f6a219135b434160

SHA-1:

1ac255b76ef692ea6c09d4840dcd28c67c5d6bfe

SHA-256:

3c253bfd385c7f245f3c6131e58cbe22c0d03073a828b9938f923f00562d7c2d

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

5/3/2024 9:16:37 AM UTC (today)

Scan engine

Detection

Engine version

Rising Antivirus

PE:Trojan.VBInject!1.6546

23.00.65.14131

File size:

392.3 KB (401,720 bytes)

Product version:

2.00.0002

Trademarks:

Original file name:

HijackThis.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\tools\hijackthis.exe

Digital Signature

Signed by:

Trend Micro, Inc.

Authority:

VeriSign, Inc.

Valid from:

1/29/2007 7:00:00 PM

Valid to:

2/15/2008 6:59:59 PM

Subject:

CN="Trend Micro, Inc.", OU=RD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Trend Micro, Inc.", L=Taipei, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

225C8B52640584163EC1835017DED781

File PE Metadata

Compilation timestamp:

6/7/2007 12:56:33 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:KCjUfQ7DbE66sVHdkyUkEYn+nVewn+ob/xIytqi20dcUSGreicGGSzMZY:KCjUSbEAVG95YnNsr2ytL2cc3Gr1

Entry address:

0x142830

Entry point:

60, BE, 00, D0, 4F, 00, 8D, BE, 00, 40, F0, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.4005

Packer / compiler:

UPX 2.90LZMA]

Code size:

280 KB (286,720 bytes)

The file HijackThis.exe has been discovered within the following programs.

Trend Micro Titanium Internet Security by Trend Micro Inc.

Publisher's description - “Strong, fast and easy-to-use security--Trend Micro Titanium Internet Security provides advanced protection for your family so you can connect with confidence.”

www.trendmicro.com/us/home/products/titanium/antivirus-plus/index.html

6% remove it

Trend Micro Titanium Maximum Security by Trend Micro Inc.

Publisher's description - “Trend Micro Titanium Maximum Security is all-in-one, easy-to-use protection for everything you and your family do online-email, socialize, bank, browse, shop, and more. It provides you with a friendly interface, simple screens, and clear reports.”

www.trendmicro.com

10% remove it

The file HijackThis.exe has been seen being distributed by the following 6 URLs.

http://www.trendsecure.com/portal/en-US/.../HiJackThis.exe

http://www.pcsafety.us/.../hijackthis.exe

https://onedrive.live.com/download.aspx?cid=98DCB66D28BEB570&resid=98DCB66D28BEB570!6120&canary=Ia6/.../1h61M=4

https://dl-web.dropbox.com/get/.../HijackThis.exe

https://doc-14-0c-docs.googleusercontent.com/docs/securesc/ha0ro937gcuc7l7deffksulhg5h7mbp1/ti8j994v3tuagqtm4lp7jbp0if0tlkvc/1408341600000/12533352346098780637/.../0B7pJ7yI2AU6jMWZmNTAyNGEtZjc4YS00ZGY2LWFlZWMtYzI5ZTEzMGIwOTk0?h=16653014193614665626&e=download

https://docs.google.com/uc?id=0B7pJ7yI2AU6jMWZmNTAyNGEtZjc4YS00ZGY2LWFlZWMtYzI5ZTEzMGIwOTk0&export=download&hl=en

Scan HijackThis.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.