kb25896103.exe

Wireless Monitor

The executable kb25896103.exe, “WLAN Monitor MFC Application” has been detected as malware by 28 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘geserewacge’.
Product:
Wireless Monitor

Description:
WLAN Monitor MFC Application

Version:
1.0.1.15

MD5:
fd6b256c3e1b8e87cd3c06cbe9729996

SHA-1:
aff6f392097719c319c6c5f107dfb4d8c5b1bfc6

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/25/2024 5:46:11 AM UTC

Scan engine               Detection                       Engine version
Lavasoft Ad-Aware         Trojan.GenericKD.2024086        778
AhnLab V3 Security        Trojan/Win32.Cutwail            2014.12.18
Avira AntiVirus           TR/Crypt.ZPACK.113474           7.11.196.138
AVG                       PSW.Generic12                   2015.0.3256
Baidu Antivirus           Trojan.Win32.Cutwail            4.0.3.141219
Bitdefender               Trojan.GenericKD.2024086        1.0.20.1765
Bkav FE                   W32.SiruospetLTD.Trojan         1.3.0.6267
Dr.Web                    Trojan.DownLoad.64914           9.0.1.0353
Emsisoft Anti-Malware     Trojan.GenericKD.2024086        8.14.12.19.01
ESET NOD32                Win32/Kryptik.CSUQ (variant)    8.10895
Fortinet FortiGate        W32/Cutwail.CSUQ!tr             12/19/2014
F-Secure                  Trojan.GenericKD.2024086        11.2014-19-12_6
G Data                    Trojan.GenericKD.2024086        14.12.24
IKARUS anti.virus         Trojan.Win32.Cutwail            t3scan.1.8.5.0
K7 AntiVirus              Trojan                          13.188.14368
Kaspersky                 Trojan.Win32.Cutwail            14.0.0.2775
Malwarebytes              Spyware.Pony                    v2014.12.19.01
McAfee                    Artemis!FD6B256C3E1B            5600.6912
MicroWorld eScan          Trojan.GenericKD.2024086        15.0.0.1059
NANO AntiVirus            Trojan.Win32.Rack.dkjwzh        0.28.6.64267
Norman                    Sinowal.FSR                     11.20141219
nProtect                  Trojan.GenericKD.2024086        14.12.18.01
Panda Antivirus           Trj/CI.A                        14.12.19.01
Qihoo 360 Security        HEUR/QVM19.1.Malware.Gen        1.0.0.1015
Sophos                    Mal/Generic-S                   4.98
Trend Micro House Call    TROJ_MOSERAN.BME                7.2.353
Trend Micro               TROJ_MOSERAN.BME                10.465.19
VIPRE Antivirus           Trojan.Win32.Generic            35832

File size:
149.8 KB (153,344 bytes)

Product version:
1.0.1.15

Copyright:
Copyright (C) 2004

Original file name:
base.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
11/17/2014 4:14:57 AM

OS version:
4.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.30

CTPH (ssdeep):
3072:LhZZE9UdnISreTUV5b5cT+joyPeK7SVWxx0D0lEMFAPA5:LnZEKdBraTTNzIxx0A7d

Entry address:
0x42AB

Entry point:
E8, 2F, 23, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 1C, 56, FF, 75, 08, 8D, 4D, E4, E8, 05, FC, FF, FF, 8B, 45, 10, 8B, 75, 0C, 85, C0, 74, 02, 89, 30, 85, F6, 75, 24, E8, 4E, 13, 00, 00, C7, 00, 16, 00, 00, 00, E8, 1B, 25, 00, 00, 80, 7D, F0, 00, 74, 07, 8B, 45, EC, 83, 60, 70, FD, 33, C0, E9, E0, 01, 00, 00, 83, 7D, 14, 00, 74, 0C, 83, 7D, 14, 02, 7C, D0, 83, 7D, 14, 24, 7F, CA, 83, 65, FC, 00, 8B, 4D, E4, 53, 8A, 1E, 57, 8D, 7E, 01, 83, B9, AC, 00, 00, 00, 01, 7E, 17, 8D, 45, E4, 50, 0F...

Entropy:
6.5058

Code size:
30.5 KB (31,232 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
geserewacge

Command:
C:\documents and settings\administrator\geserewacge.exe