kb00247589.exe.gonewiththewings

Badly

Spite orbit - www.Badly.com

The file kb00247589.exe.gonewiththewings, “Mouse pleasure salmon weigh collect failed” has been detected as malware by 8 anti-virus scanners.
Publisher:
Spite orbit - www.Badly.com

Product:
Badly

Description:
Mouse pleasure salmon weigh collect failed

Version:
1.0.0.1

MD5:
20e202703198d7f99860543b1d7ddfa9

SHA-1:
e5960ed49031ed1fc754552fbeec0dc37df93b3f

SHA-256:
7539538cbc919746c44fcfea3b38210886abff7f18e77a9f999549c2882945fd

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/24/2024 8:57:36 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.MDA | 2014.12.19 |
| AVG | Win32/Cryptor | 2015.0.3256 |
| Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.141218 |
| ESET NOD32 | Win32/Kryptik.CTJW trojan | 7.0.302.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2775 |
| Malwarebytes | Trojan.Agent.DED | v2014.12.18.11 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Sophos | Virus 'Troj/Wonton-MK' | 5.09 |

File size:
160.5 KB (164,352 bytes)

Product version:
7.0

Copyright:
Copyright (C) Badly 2008-2013

Language:
Arabic (Saudi Arabia)

Common path:
C:\users\{user}\appdata\local\temp\kb00247589.exe.gonewiththewings

File PE Metadata
Compilation timestamp:
12/19/2014 4:17:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:AOEqDr0M1UU6bwyNavEtAtFFFFFFFX2oMxoZIA76VWSDnJbWe7:AO3f0XUahoZIAuBDl

Entry address:
0x43C3

Entry point:
E8, 8D, 44, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 33, F6, 3B, C6, 75, 1D, E8, 4E, 02, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, D6, 01, 00, 00, 83, C4, 14, 6A, 16, 58, EB, 0A, 8B, 0D, FC, 60, 41, 00, 89, 08, 33, C0, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 33, F6, 3B, C6, 75, 1D, E8, 15, 02, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 9D, 01, 00, 00, 83, C4, 14, 6A, 16, 58, EB, 0A, 8B, 0D, 00, 61, 41, 00, 89, 08, 33, C0, 5E, 5D, C3, 8B, FF, 55, 8B...
Code size:
65.5 KB (67,072 bytes)
