IERegBack.EXE

IERegBack 응용 프로그램 (IERegBack Application)

KAONI Co., Ltd.

The executable IERegBack.EXE, “IERegBack MFC 응용 프로그램” (IERegBack MFC Application), has been detected as malware by 12 anti-virus scanners.
Publisher:
KAONI Co., Ltd.  (signed and verified)

Product:
IERegBack 응용 프로그램 (IERegBack Application)

Description:
IERegBack MFC 응용 프로그램 (IERegBack MFC Application)

Version:
1, 0, 0, 2

MD5:
e918b9c7fef6ee96c6125304e254a60a

SHA-1:
a8d5d33048f8b52b5c4ca4fe34f051c32f9ec434

SHA-256:
e2f833dcd0bdb7a5058f8f12937b58396ab139c31441ca9b77133862fe0b9c80

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/24/2024 2:28:23 PM UTC

Scan engine             Detection                       Engine version
Lavasoft Ad-Aware       Generic.Malware.Yd!.C58AD537    465
Avira AntiVirus         TR/Agent.43928                  8.3.2.2
Arcabit                 Generic.Malware.Yd!.C58AD537    1.0.0.582
avast!                  Win32:Malware-gen               2014.9-151028
Bitdefender             Generic.Malware.Yd!.C58AD537    1.0.20.1505
Comodo Security         UnclassifiedMalware             23424
Emsisoft Anti-Malware   Generic.Malware.Yd!.C58AD537    8.15.10.28.05
F-Secure                Generic.Malware.Yd!.C58AD537    11.2015-28-10_4
G Data                  Generic.Malware.Yd!.C58AD537    15.10.25
IKARUS anti.virus       Win32.SuspectCrc                t3scan.1.9.5.0
McAfee                  Artemis!E918B9C7FEF6            5600.6599
MicroWorld eScan        Generic.Malware.Yd!.C58AD537    16.0.0.903

File size:
42.9 KB (43,928 bytes)

Product version:
1, 0, 0, 2

Copyright:
Copyright (C) 2008

Original file name:
IERegBack.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\ieregback.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
11/1/2011 9:00:00 AM

Valid to:
12/31/2012 8:59:59 AM

Subject:
CN="KAONI Co., Ltd.", O="KAONI Co., Ltd.", L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2936490089161DB849D2DDE55D67504A

File PE Metadata
Compilation timestamp:
2/28/2012 5:09:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:4fS8YbZCTahIQ9y18hnfc9xKvdSqy9hdcmAT+4g/unFYJLzM5up:4fBwIQWgnfnC9sfeungLzMu

Entry address:
0x2B20

Entry point:
55, 8B, EC, 6A, FF, 68, 40, 35, 40, 00, 68, A6, 2C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, C4, 31, 40, 00, 59, 83, 0D, 70, 43, 40, 00, FF, 83, 0D, 74, 43, 40, 00, FF, FF, 15, C0, 31, 40, 00, 8B, 0D, 64, 43, 40, 00, 89, 08, FF, 15, BC, 31, 40, 00, 8B, 0D, 60, 43, 40, 00, 89, 08, A1, B8, 31, 40, 00, 8B, 00, A3, 6C, 43, 40, 00, E8, 16, 01, 00, 00, 39, 1D, 80, 42, 40, 00, 75, 0C, 68, A2, 2C, 40, 00, FF, 15, B4, 31...

Entropy:
4.9596

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
8 KB (8,192 bytes)

ActiveX Install
Name:
{9E1C0C21-48B8-455A-9005-48C8D78B7900}
