kb00252160.exe

uTorrent Portable

PortableAppZ.blogspot.com

The executable kb00252160.exe has been detected as malware by 23 anti-virus scanners. This trojan will attempt to establish a connection to a remote server through various TCP ports and will use Winlogon to survive reboots.
Publisher:
PortableAppZ.blogspot.com

Product:
uTorrent Portable

Version:
2014.10.12.15

MD5:
03cf1d8b7d7461ec0f9dc9618be09ac6

SHA-1:
308d3af704ca4c893f3c777b65524f4d804422ee

SHA-256:
b70751482959aca35aa287d68e12ea9bf78c638b022c37467191e8fd9d070648

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
4/25/2024 10:02:11 PM UTC

Scan engine                    | Detection                      | Engine version
Lavasoft Ad-Aware              | Gen:Variant.Kazy.706098        | 517
AhnLab V3 Security             | Trojan/Win32.MDA               | 2015.08.08
Avira AntiVirus                | TR/Crypt.ZPACK.73942           | 8.3.1.6
Arcabit                        | Trojan.Kazy.DAC632             | 1.0.0.425
avast!                         | Win32:Malware-gen              | 2014.9-150905
AVG                            | Win32/Cryptor                  | 2016.0.2995
Baidu Antivirus                | Trojan.Win32.Dropper           | 4.0.3.1595
Bitdefender                    | Gen:Variant.Kazy.706098        | 1.0.20.1240
Dr.Web                         | Trojan.DownLoader15.24118      | 9.0.1.0248
Emsisoft Anti-Malware          | Gen:Variant.Kazy.706098        | 8.15.09.05.03
ESET NOD32                     | Win32/Kryptik.DSQD (variant)   | 9.12062
Fortinet FortiGate             | PossibleThreat.P0              | 9/5/2015
F-Prot                         | W32/Agent.XL.gen               | v6.4.7.1.166
F-Secure                       | Gen:Variant.Kazy.706098        | 11.2015-05-09_7
G Data                         | Gen:Variant.Kazy.706098        | 15.9.25
IKARUS anti.virus              | Virus.Win32.Cryptor            | t3scan.1.9.5.0
Kaspersky                      | Trojan-Dropper.Win32.Dycler    | 14.0.0.1472
McAfee                         | RDN/Generic.tfr                | 5600.6651
Microsoft Security Essentials  |                                | 1.1.11903.0
MicroWorld eScan               | Gen:Variant.Kazy.706098        | 16.0.0.744
Panda Antivirus                | Generic Suspicious             | 15.09.05.03
Qihoo 360 Security             | HEUR/QVM10.1.Malware.Gen       | 1.0.0.1015
Sophos                         | Mal/Generic-S                  | 4.98

File size:
386.5 KB (395,776 bytes)

Product version:
2014.10.12.15

Copyright:
Bernat

Trademarks:
PortableAppZ is a Trademark of Bernat

Original file name:
uTorrentPortable.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\kb00252160.exe

File PE Metadata
Compilation timestamp:
8/6/2015 10:18:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:6Gq4YiskGnZcqtCBHSZZPr/cReNdd+0vU81UUI:6aI9oHM0RgUGI

Entry address:
0x136F2

Entry point:
E8, 05, 17, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C0, F7, 45, 00, 89, 0D, BC, F7, 45, 00, 89, 15, B8, F7, 45, 00, 89, 1D, B4, F7, 45, 00, 89, 35, B0, F7, 45, 00, 89, 3D, AC, F7, 45, 00, 66, 8C, 15, D8, F7, 45, 00, 66, 8C, 0D, CC, F7, 45, 00, 66, 8C, 1D, A8, F7, 45, 00, 66, 8C, 05, A4, F7, 45, 00, 66, 8C, 25, A0, F7, 45, 00, 66, 8C, 2D, 9C, F7, 45, 00, 9C, 8F, 05, D0, F7, 45, 00, 8B, 45, 00, A3, C4, F7, 45, 00, 8B, 45, 04, A3, C8, F7, 45, 00, 8D, 45, 08, A3, D4, F7, 45...

Entropy:
2.8522

Code size:
98.5 KB (100,864 bytes)

Remove kb00252160.exe - Powered by Reason Core Security