kernelscrollingtooltip.exe

The application kernelscrollingtooltip.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 14988 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
MD5:
708d8d92af51f8f6e78deae263612d4b

SHA-1:
6cee956466cd383cfd00378476fadfd9b03b1a86

SHA-256:
28509f8456b6de963a10eef1a15406778f0d4463ec12c13bbace2db58788cb52

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 6:08:47 PM UTC

Scan engine                    | Detection                          | Engine version
Lavasoft Ad-Aware              | Gen:Variant.Graftor.145484         | 800
Agnitum Outpost                | PUA.Pirrit                         | 7.1.1
AhnLab V3 Security             | PUP/Win32.PirritSuggestor          | 2014.06.27
Avira AntiVirus                | TR/Graftor.145484.1                | 7.11.158.14
avast!                         | Win32:Adware-gen [Adw]             | 141119-1
AVG                            | Adware Generic5.AYAL               | 2014.0.4189
Bitdefender                    | Gen:Variant.Graftor.145484         | 1.0.20.1650
Clam AntiVirus                 | Win.Adware.Graftor-148             | 0.98/19086
Comodo Security                | Application.Win32.Pirrit.A         | 18794
Dr.Web                         | Adware.Downware.5947               | 9.0.1.05190
Emsisoft Anti-Malware          | Application.Generic.691539         | 9.0.0.4570
ESET NOD32                     | Win32/AdWare.Pirrit.A application  | 7.0.302.0
F-Prot                         | W32/A-5ea8f15e                     | v6.4.7.1.166
F-Secure                       | Gen:Variant.Graftor.145484         | 11.2014-26-11_4
G Data                         | Gen:Variant.Graftor.145484         | 14.11.24
IKARUS anti.virus              | PUA.Pirrit                         | t3scan.1.6.1.0
K7 AntiVirus                   | Adware                             | 13.180.12586
Microsoft Security Essentials  | Threat.Undefined                   | 1.189.757.0
MicroWorld eScan               | Gen:Variant.Graftor.145484         | 15.0.0.990
NANO AntiVirus                 | Riskware.Win32.Downware.dcieop     | 0.28.6.63726
Panda Antivirus                | Trj/Genetic.gen                    | 14.11.26.12
Reason Heuristics              | Threat.Win.Reputation.IMP          | 14.11.26.12
VIPRE Antivirus                | Threat.4150696                     | 29708
Zillya! Antivirus              | Backdoor.PePatch.Win32.38722       | 2.0.0.1994

File size:
290.5 KB (297,509 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\importmotionodbc\kernelscrollingtooltip.exe

File PE Metadata
Compilation timestamp:
6/24/2014 5:42:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
6144:OyfPDM+DZ0l0Gd+yOAgo4PKFR+EDyl0V+GvmJyj/KiKIMQGJ7cMcTrEt3+bR:O/aZ8HKPKFR+KycfvmUj/gJ+fR

Entry address:
0x1590

Entry point:
83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 2C, 79, 44, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 58, 79, 44, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 4C, 79, 44, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, B0, 43, 00, E8, A6, 74, 02, 00, BA, F8, 71, 42, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, B0, 43, 00, 89, 04, 24, E8, 92, 74, 02, 00, 83, EC, 08, 89, C2, 85, D2, 74, 11, C7, 44, 24, 04, 08, 60, 44, 00, C7...

Entropy:
6.3879

Code size:
226 KB (231,424 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:14988/

Local host port:
14988

Default credentials:
No


Remove kernelscrollingtooltip.exe - Powered by Reason Core Security