HYPERTRM.EXE

HyperTerminal Applet

Hilgraeve, Inc.

The executable HYPERTRM.EXE, “HyperTerminal Applet”, has been detected as malware by 11 anti-virus scanners. It is infected by an entry-point obscuring polymorphic file infector that will create a peer-to-peer botnet and receive URLs of additional files to download.

Publisher:
Hilgraeve, Inc.

Product:
Microsoft® Windows® Operating System

Description:
HyperTerminal Applet

Version:
5.1.2600.0

MD5:
15a22ba3af2f8be5866a8464174fdf24

SHA-1:
8596d4fc017c1436eba608b0e1d18a81e8e83928

SHA-256:
8b63ae29cd38ba0c3b84c7302ab5aaac6959be425fbbad650f0b5dbe3bd253f2

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 12:58:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Kukacka | 160118-1 |
| AVG | Win32/Sality | 2015.0.4522 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Virus.W32/Sality.gen.z | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5087.0 |
| Norman | Win32.Sality.3 | 11.01.2016 17:30:26 |
| Sophos | Virus 'Mal/Sality-D' | 5.22 |
| VIPRE Antivirus | Threat.4721115 | 46910 |

File size:
99.5 KB (101,888 bytes)

Product version:
5.1.2600.0

Copyright:
Copyright © Hilgraeve, Inc. 2001

Trademarks:
HyperTerminal ® is a registered trademark of Hilgraeve, Inc.

Original file name:
HYPERTRM.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\windows nt\hypertrm.exe

File PE Metadata
Compilation timestamp:
8/17/2001 8:52:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
3072:tdkWGqzjTAqc3d6elQWLwsqPXBOaClSDHfLXWuJ:P1GqzcYelNLwscBOamS3XHJ

Entry address:
0x10F8

Entry point:
60, 81, F9, 5E, 29, 00, 00, 72, 07, F7, C2, 49, 74, 0E, 7E, F3, EB, 12, 69, C1, 0F, 5F, 4D, 14, F7, C1, 42, E3, C2, 7F, 81, DD, 6D, E8, 42, 7B, 40, 8B, D2, 0F, BF, C9, 69, CA, 35, 60, 7B, 54, 0F, B7, EF, 8D, 05, FA, EF, C8, FA, 0F, AF, F6, 48, 80, DC, C1, 09, CD, E8, 14, 00, 00, 00, 4D, 34, DD, 45, 0A, E5, 0F, B7, D9, 2B, F1, 89, F8, F3, 81, E2, F5, EB, 72, 46, 0F, AF, F5, F3, EB, 08, F7, C6, A7, F1, 4C, 88, 8B, C7, 88, DC, F7, C7, E9, 60, 08, 20, 0F, BE, D4, C6, C0, 4E, 6B, C9, 00, 88, F6, F2, C6, C4, 44...
 

Code size:
1.5 KB (1,536 bytes)
