Keratony.exe

Uncollec annumera

Emsi Software GmbH

The file Keratony.exe has been detected as malware by 25 anti-virus scanners.

Publisher:
Heaventools Software  (signed by Emsi Software GmbH)

Product:
Uncollec annumera

Description:
Sinningn

Version:
1.04.0005

MD5:
220bd4f822c4f621db7a4e95384a7ef2

SHA-1:
5616819d5fb62464cebe9786527dac9cc00d53ff

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/24/2024 1:57:59 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Bublik | 7.1.1
AhnLab V3 Security | Backdoor/Win32.Shark | 2013.09.02
avast! | Win32:VBCrypt-COD [Trj] | 2014.9-160121
AVG | Generic34 | 2017.0.2858
Bitdefender | Trojan.GenericKDV.1164093 | 1.0.20.105
Comodo Security | UnclassifiedMalware | 16862
Emsisoft Anti-Malware | Trojan.GenericKDV.1164093 | 8.16.01.21.11
ESET NOD32 | Win32/Injector.AKND (variant) | 10.8751
Fortinet FortiGate | W32/Bublik.BCLD!tr | 1/21/2016
F-Secure | Trojan.GenericKDV.1164093 | 11.2016-21-01_5
G Data | Trojan.GenericKDV.1164093 | 16.1.22
IKARUS anti.virus | Virus.Win32.VBInject | t3scan.2.0.127
K7 AntiVirus | Riskware | 13.170.9438
Kaspersky | Trojan.Win32.Bublik | 14.0.0.783
McAfee | Artemis!220BD4F822C4 | 5600.6514
Microsoft Security Essentials | VirTool:Win32/VBInject.gen!JD | 1.163.1557.0
MicroWorld eScan | Trojan.GenericKDV.1164093 | 17.0.0.63
NANO AntiVirus | Trojan.Win32.Bublik.cafobp | 0.26.0.54268
Norman | Suspicious_Gen4.EPRPQ | 11.20160121
Panda Antivirus | Trj/dtcontx.G | 16.01.21.11
Sophos | Mal/Generic-S | 4.91
Trend Micro House Call | TROJ_GEN.F0C2C0KHT13 | 7.2.21
Trend Micro | TROJ_GEN.F0C2C0KHT13 | 10.465.21
Vba32 AntiVirus | Trojan.Bublik | 3.12.22.3
VIPRE Antivirus | Trojan.Win32.Generic | 21078

File size:
549.9 KB (563,097 bytes)

Product version:
1.04.0005

Copyright:
Hibernic bebrothe extralit 2007

Original file name:
Keratony.exe

Language:
Chinois (Région administrative spéciale de Hong Ko

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/8/2011 1:00:00 AM

Valid to:
3/25/2012 12:59:59 AM

Subject:
CN=Emsi Software GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Emsi Software GmbH, L=Thalgau, S=Salzburg, C=AT

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4F3FBDF1D22370D2E649F8574AE2AA5F

File PE Metadata
Compilation timestamp:
7/31/2013 5:12:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:s9ZztCw2ABW+sbYzMwVjMSCgWdpibQc0/DJO:s9Zz7A9DwV/Cjdpwt0/DJO

Entry address:
0x1508

Entry point:
68, 94, 16, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, F6, A2, E4, CA, 0A, 17, 51, 4E, B3, 0D, 85, DC, 1A, 2D, 31, 09, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 20, 6C, FD, 00, 65, 71, 75, 61, 6E, 74, 73, 00, 00, 00, 00, 00, 01, 00, 05, 00, 18, 28, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 5C, 29, 40, 00, 6C, 30, 41, 00, 00, 00, 00, 00, 80, 9E, 18, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 88, 15, 40, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
72 KB (73,728 bytes)
