home

jocul-vecinul-1.exe

Saline

ICOFX SOFTWARE SRL

The executable jocul-vecinul-1.exe has been detected as malware by 3 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Oppqics’.
Publisher:
The Eraser Project  (signed by ICOFX SOFTWARE SRL)

Product:
Saline

Version:
7.06.0002

MD5:
3b3ec949f829994cba6d774e2e6293cd

SHA-1:
638daef6dab0a59c13600916345f2d28d815e1c6

SHA-256:
cab6701d876416155e77c637a63b0f7377a1c608655aa22563782d5137bc03d4

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/25/2024 3:56:25 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Trojan-gen
160908-2

ESET NOD32
Win32/Injector.BTUC trojan
6.3.12010.0

Kaspersky
Trojan.Win32.Muref
15.0.2.529

File size:
190.1 KB (194,680 bytes)

Product version:
7.06.0002

Copyright:
Saline

Trademarks:
Saline

Original file name:
Saline.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\jocul-vecinul-1.exe

Digital Signature
Signed by:
ICOFX SOFTWARE SRL

Authority:
COMODO CA Limited

Valid from:
2/4/2013 2:00:00 AM

Valid to:
2/5/2016 1:59:59 AM

Subject:
CN=ICOFX SOFTWARE SRL, O=ICOFX SOFTWARE SRL, STREET=str. Teilor nr. 10 sc. 2 ap. 24, L=Floresti, S=Cluj, PostalCode=407280, C=RO

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE9F0854CD6936A239D0FF5B81756164

File PE Metadata
Compilation timestamp:
9/24/2014 12:44:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:XL0bB4mwOjzS8xjlNwWv4HFXs2c2MZD92L0NeY7c9uZ7:70b13j2UnCs277Loee

Entry address:
0x12E4

Entry point:
68, DC, 25, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 33, 1E, 9E, A8, C7, 57, D1, 42, BA, 61, 46, B6, 7E, 59, 73, B3, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 72, 62, 6F, 74, 65, 6E, 62, 65, 73, 74, FC, 72, 7A, 65, 6E, 64, 65, 73, 00, 20, 20, 20, 00, 00, 00, 00, FF, CC, 31, 00, 10, 11, C7, 14, 4D, 28, 16, 6E, 46, 99, 87, 30, D9, 54, 4A, 98, BE, ED, A8, 89, AC, 86, 04, D7, 42, A9, 8D, 6D, 13, 63, E7, 88, A8, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Entropy:
6.3778

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
148 KB (151,552 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Oppqics

Command:
C:\users\{user}\appdata\local\oppqics\jocul-vecinul-1.exe


Remove jocul-vecinul-1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.