kb00610000.exe

Pillow

ICOFX SOFTWARE SRL

The executable kb00610000.exe has been detected as malware by 12 anti-virus scanners.
Publisher:
ICOFX SOFTWARE SRL  (signed and verified)

Product:
Pillow

Version:
3.02.0005

MD5:
60b8762c41a5ce7ab9eabb571b1dcef0

SHA-1:
9801a286bd8680288e6c0c27fc3dfb16d02eafb2

SHA-256:
1029add321b9f4b68ffe65f5051ea474f6103ce21c5507210a11135c21d66698

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/26/2024 5:45:59 PM UTC

Scan engine               Detection                  Engine version
Lavasoft Ad-Aware         Gen:Variant.Symmi.50500    6517195
AVG                       Generic_vb                 2016.0.3211
Baidu Antivirus           Trojan.Win32.VB            4.0.3.1522
Bitdefender               Gen:Variant.Symmi.50500    1.0.20.165
Emsisoft Anti-Malware     Gen:Variant.Symmi.50500    9.0.0.4799
ESET NOD32                Win32/Agent.QWD trojan     7.0.302.0
F-Secure                  Gen:Variant.Symmi.50500    5.13.68
G Data                    Gen:Variant.Symmi.50500    15.2.25
Kaspersky                 Trojan.Win32.VB            15.0.0.543
Malwarebytes              Trojan.EDVBGen             v2015.02.02.09
MicroWorld eScan          Gen:Variant.Symmi.50500    16.0.0.99
Panda Antivirus           Trj/Chgt.O                 15.02.02.09

File size:
202.1 KB (206,968 bytes)

Product version:
3.02.0005

Copyright:
Pillow

Trademarks:
Pillow

Original file name:
Pillow.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\kb00610000.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/3/2013 7:00:00 PM

Valid to:
2/4/2016 6:59:59 PM

Subject:
CN=ICOFX SOFTWARE SRL, O=ICOFX SOFTWARE SRL, STREET=str. Teilor nr. 10 sc. 2 ap. 24, L=Floresti, S=Cluj, PostalCode=407280, C=RO

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE9F0854CD6936A239D0FF5B81756164

File PE Metadata
Compilation timestamp:
1/23/2015 3:47:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:4i4E+IFTDdc4ldzNX/c+JV4DVpJK9bfjewFnDVSZaepHlVqHlhecM4ggrUK21r/u:4iDF9pHUKZLx9/Qarggo1ryrKLtPPRFu

Entry address:
0x1200

Entry point:
68, 14, 79, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 2A, 92, DB, B2, 16, DB, 91, 47, 8E, 19, CC, A6, D5, CC, 1E, F3, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 43, 61, 70, 74, 69, 6F, 4C, 65, 62, 65, 6E, 73, 75, 6E, 77, 65, 72, 74, 65, 6D, 00, 20, 00, 00, 00, 00, FF, CC, 31, 00, 05, F9, 7F, 1F, BC, 4A, 36, E3, 45, A1, 83, 31, F0, A5, D0, C9, 61, EE, 5B, 5F, E0, 5F, 45, EF, 4E, B7, A2, 3F, E7, 15, 30, 66, 3E, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
176 KB (180,224 bytes)
