inteltecnolocisiwwk.gif

The file is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘Java_Plugin_Inteltecnolocis1’.
MD5:
11a815b4c171e525a8f6c57962a274ab

SHA-1:
a48651042031fcd7075edb1285d2da6693ce987d

SHA-256:
5b06972595f2a56e25181ae11b55395b522bad6579a9926864e536073a106df8

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/6/2024 6:06:56 PM UTC

Scan engine:
Kaspersky

Detection:
Trojan.Win32.Agentb

Engine version:
15.0.2.529

File size:
9 KB (9,216 bytes)

Common path:
C:\windows\temp\inteltecnolocisiwwk.gif

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

Entry address:
0xAB60

Entry point:
80, 7C, 24, 08, 01, 0F, 85, B9, 01, 00, 00, 60, BE, 00, 90, 40, 00, 8D, BE, 00, 80, FF, FF, 57, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB...
 

Code size:
8 KB (8,192 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Java_Plugin_Inteltecnolocis1

Command:
rundll32.exe "C:\windows\temp\inteltecnolocisiwwk.gif",""


Scan inteltecnolocisiwwk.gif - Powered by Reason Core Security