kb05497896.exe

Basisfahrzeugtypen6

Eric Lawrence

The executable kb05497896.exe (described as “Lokalnachrichtenformat”) has been detected as malware by 28 of 68 anti-virus scanners.
Publisher:
Eric Lawrence  (signed and verified)

Product:
Basisfahrzeugtypen6

Description:
Lokalnachrichtenformat

Version:
1.05.0001

MD5:
b43995f9c2fe61cc40c50fb3e5589cb0

SHA-1:
e69324cd432e7ba6f5fe5614a03c345e9504fa90

SHA-256:
90f9ed194535551ba8f05a0385384f1161996a5baa9ef2aacf669fad72aaa168

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/25/2024 12:55:50 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2145775 | 370
Agnitum Outpost | Trojan.Injector | 7.1.1
AhnLab V3 Security | Trojan/Win32.MDA | 2015.03.01
avast! | Win32:Malware-gen | 2014.9-160131
AVG | Inject2 | 2017.0.2848
Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.16131
Bitdefender | Trojan.GenericKD.2145775 | 1.0.20.155
Emsisoft Anti-Malware | Trojan.GenericKD.2145775 | 8.16.01.31.04
ESET NOD32 | Win32/Injector.BSWZ (variant) | 10.11248
Fortinet FortiGate | W32/BSWZ!tr | 1/31/2016
F-Secure | Trojan.GenericKD.2145775 | 11.2016-31-01_1
G Data | Trojan.GenericKD.2145775 | 16.1.25
IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.1915118
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.734
Malwarebytes | Trojan.EDVBGen | v2016.01.31.04
McAfee | RDN/Generic.dx!djb | 5600.6504
MicroWorld eScan | Trojan.GenericKD.2145775 | 17.0.0.93
NANO AntiVirus | Trojan.Win32.BSWZ.dnpkum | 0.30.0.296
Norman | Suspicious_Gen4.HWRZE | 11.20160131
nProtect | Trojan.GenericKD.2145775 | 15.02.27.01
Panda Antivirus | Trj/Chgt.O | 16.01.31.04
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.16129
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R047C0EBC15 | 7.2.31
Trend Micro | TROJ_GEN.R047C0EBC15 | 10.465.31
VIPRE Antivirus | Trojan.Win32.Generic | 38000

File size:
299.8 KB (306,952 bytes)

Product version:
1.05.0001

Copyright:
Aussprüche

Trademarks:
Militärmusikfestival

Original file name:
Hynix Capacitator.exe

File type:
Executable application (Win32 EXE)

Language:
Taiwanese

Common path:
C:\users\{user}\appdata\local\temp\kb05497896.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/18/2012 10:00:00 PM

Valid to:
1/18/2015 9:59:59 PM

Subject:
CN=Eric Lawrence, O=Eric Lawrence, STREET=15724 NE 53rd Street, L=Redmond, S=WA, PostalCode=98052, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6D398872131657667B476252BA58C3F3

File PE Metadata
Compilation timestamp:
1/14/2015 3:50:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:b3EAWSkVn0IroyYSDFcPcbpPjmM/YLzU/dm3SsedphfdUDDwpMV:b3Eb10IkyYSDFcQpPjWHodvlvGDD+MV

Entry address:
0x1410

Entry point:
68, B0, C6, 43, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 70, DB, 9C, BD, 22, B4, 0D, 42, 93, 38, 50, A1, B1, 65, 0B, B1, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, E8, 2F, F6, 01, 4C, 69, 74, 65, 72, 61, 74, 75, 72, 77, 69, 73, 73, 65, 6E, 73, 63, 68, 61, 66, 74, 65, 6E, 00, 00, 00, 00, 00, FF, CC, 31, 00, 09, 05, E4, DB, 78, 22, 05, 90, 41, BE, BE, B1, 9B, 80, 3E, 68, 47, F1, 44, 45, 8A, 33, 11, 6D, 41, 85, F7, 8D, D3, 36, 7F, 49, FA, 3A, 4F, AD...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
276 KB (282,624 bytes)

Remove kb05497896.exe - Powered by Reason Core Security