kb19961218.exe

Obsessed Preserver Longed

Pigeons Nearly Invoiced

The executable kb19961218.exe, “Oft Kettle Kremlin”, has been detected as malware by 19 anti-virus scanners.
Publisher:
Pigeons Nearly Invoiced

Product:
Obsessed Preserver Longed

Description:
Oft Kettle Kremlin

Version:
111.22.48.104

MD5:
4868a7db8f15a64b0b5d2a367a11fcb1

SHA-1:
782cdfea22a62c52d3c9e781506fb07ec77671ae

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
4/26/2024 2:33:59 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Injector.BCS | 801 |
| Avira AntiVirus | TR/Kegotip.A.20 | 7.11.188.230 |
| AVG | MSIL5 | 2015.0.3279 |
| Baidu Antivirus | Trojan.Win32.InfoStealer | 4.0.3.141126 |
| Bitdefender | Trojan.Injector.BCS | 1.0.20.1650 |
| Dr.Web | BackDoor.Andromeda.559 | 9.0.1.0330 |
| Emsisoft Anti-Malware | Trojan.Injector.BCS | 8.14.11.26.11 |
| ESET NOD32 | MSIL/Injector.GLU (variant) | 8.10782 |
| Fortinet FortiGate | MSIL/Injector.GAP!tr | 11/26/2014 |
| F-Secure | Trojan.Injector.BCS | 11.2014-26-11_4 |
| G Data | Trojan.Injector.BCS | 14.11.24 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.1.8.3.0 |
| Kaspersky | Trojan-PSW.Win32.Minari | 14.0.0.2888 |
| Malwarebytes | Trojan.MSIL.BVXGen | v2014.11.26.11 |
| McAfee | RDN/Generic.bfr!hx | 5600.6935 |
| MicroWorld eScan | Trojan.Injector.BCS | 15.0.0.990 |
| NANO AntiVirus | Trojan.Win32.Andromeda.djhenu | 0.28.6.63726 |
| Sophos | Troj/MSIL-AZF | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1125 | 7.2.330 |

File size:
135.5 KB (138,752 bytes)

Product version:
111.22.48.104

Copyright:
Icebox Mutely Manipulator

Trademarks:
Isomer Noradrenaline Limps

Original file name:
Martial.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local settings\temp\kb19961218.exe

File PE Metadata
Compilation timestamp:
11/24/2014 12:31:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:6mw3FKDJm9FJTHXAUylBXilPBd9BYzW+XoU3vza:6myFEJm9THXgilZd9B4W+L

Entry address:
0x2311E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.8231

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
132.5 KB (135,680 bytes)

Windows Firewall Allowed Program
Name:
C:\DOCUME~1\Shaheen\LOCALS~1\Temp\KB19961218.exe

