idlecrawler.exe

Idle-Crawler

web research foundation

The application idlecrawler.exe, “Setup Application”, has been detected as a potentially unwanted program by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source.
Publisher:
web research foundation

Product:
Idle-Crawler

Description:
Setup Application

Version:
59.0.0.407

MD5:
b1ddfc50ca9ba59556394ba52b564402

SHA-1:
99be7e169bdd9f038e2fbdc4a33b8550892305a9

SHA-256:
b0565ee19fdd948473e72358fdf58eaa60edda8ded8c9110d9e69e4e6611aa19

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 8:49:10 PM UTC

Scan engine               Detection                     Engine version
Avira AntiVirus           TR/Crypt.XPACK.Gen7           7.11.163.22
avast!                    Dropper-gen [Drp]             140617-1
Clam AntiVirus            Win.Trojan.Agent-728613       0.98/19168
Dr.Web                    Trojan.Click3.8830            9.0.1.063
G Data                    Win32.Trojan.Agent.849OVE     15.3.24
IKARUS anti.virus         Trojan-Clicker.JS.Agent       t3scan.1.6.1.0
Malwarebytes              PUP.Optional.IdleCrawler.A    v2014.07.13.02
McAfee                    Artemis!B1DDFC50CA9B          5600.6836
Panda Antivirus           Trj/Genetic.gen               14.07.13.02
Qihoo 360 Security        Win32/Trojan.Dropper.c9f      1.0.0.1015
Trend Micro House Call    Suspicious_GEN.F47V0713       7.2.63

File size:
1.6 MB (1,644,395 bytes)

Product version:
1.0.0.0

Copyright:
© web research foundation

Trademarks:
Idle-Crawler is a trademark of web research foundation

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\serv\idlecrawler.exe

File PE Metadata
Compilation timestamp:
12/24/2013 11:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:XWv5Xh/XSI7Wv5sh/XSIFeDffKBIITnUYgSXrJY7Lgi90U21Tnzt6712wU6aqJNj:ISIHSIQDKdUmtYXgiOUatQ1nak

Entry address:
0x337A

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, 30, A2, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 80, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 78, 4F, 43, 00, E8, B7, 2E, 00, 00, A3, C4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, F0, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, 7C, A3, 40, 00, 68, C0, 3E, 43, 00, E8, 22, 2B, 00, 00, FF, 15, 34, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, 10, 2B, 00, 00...
 
Entropy:
7.9490

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)
