iromfoem.exe

The executable iromfoem.exe has been detected as malware by 11 anti-virus scanners. The file is infected by an entry-point-obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download.
MD5:
b76a6d905d90280f8bd1e730a64e6274

SHA-1:
85d409ba971cee07ca04ad24d5df906f6a07b7c4

SHA-256:
187f2515695b6702b70ba258f378cfbbc4ecd1910d9252b4a57f3b41f9b12507

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 1:23:48 PM UTC

Scan engine                     Detection                     Engine version
avast!                          Win32:SaliCode                160118-1
AVG                             Win32/Sality                  2015.0.4489
Dr.Web                          Win32.Sector.30               9.0.1.05190
Emsisoft Anti-Malware           Win32.Sality                  10.0.0.5366
ESET NOD32                      Win32/Sality.NBA virus        7.0.302.0
Kaspersky                       Virus.Win32.Sality            15.0.0.562
McAfee                          Virus.W32/Sality.gen.z        18.0.204.0
Microsoft Security Essentials   Threat.Undefined              1.213.5033.0
Norman                          Win32.Sality.3                11.01.2016 17:30:26
Sophos                          Virus 'Mal/Sality-D'          5.22
VIPRE Antivirus                 Threat.4721115                46826

File size:
956.5 KB (979,456 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\asus\gpu tweak\iromfoem.exe

File PE Metadata
Compilation timestamp:
5/1/2013 10:36:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
12288:phYeAl/kVuS1wAaBHlvZ5oYmOaxal1JdgTDth8B0kXsSWkTOP8if7cPWkz4h:keAl5AaBHlvZ5oYUxa6M07P7YPF4h

Entry address:
0x84AEE

Entry point:
FE, C5, 05, 93, 55, 92, FE, C7, C6, 27, C5, 31, E6, C7, C1, BF, 2A, 76, CE, 8D, 1D, 29, E3, 51, FD, 52, 51, 85, C6, 75, 08, 0F, B6, FC, 08, DA, 0F, AF, C9, 68, 19, AF, 9C, 00, 68, 98, 89, EA, 00, BB, 17, A0, 05, 97, E8, 21, 00, 00, 00, EB, 07, B9, 9B, 67, 49, C1, 88, E5, 8D, 35, E2, 02, E6, 8E, FF, C2, 47, 46, 87, EA, 8B, DF, 70, 08, FF, CF, 81, D6, 35, 26, CD, FB, 4B, 86, D9, 88, FE, 3B, EE, 76, 02, 85, DB, F3, BD, 43, AB, D7, 06, 2D, 8F, 5A, 0E, 00, FF, C6, 87, F9, 69, F0, B3, DE, 83, 1F, 05, 56, 76, 0D...

Entropy:
6.4686

Code size:
623 KB (637,952 bytes)

Remove iromfoem.exe - Powered by Reason Core Security