» killemall.scr
Overview
Analysis
File Details

killemall.scr

KillEmAll

John Shaw

File name:

killemall.scr

Publisher:

Foolish IT (signed by John Shaw)

Product:

KillEmAll

Description:

Attempts to terminate all running non-essential processes.

Version:

1.02.0004

MD5:

d9f4336a25b7a7a3eecc8068cd2cae9a

SHA-1:

0931897979e3721d2b303a9106a77ee99dbbfc1b

SHA-256:

9a354441383b3f1b3b8532ad9120df993c8779f56c2054bc08a8cb2fc3596a22

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/23/2024 10:35:03 PM UTC (today)

File size:

358.9 KB (367,496 bytes)

Product version:

1.02.0004

Foolish IT

Original file name:

KillEmAll.exe

Common path:

C:\Program Files\smtech\fixmemonitor\tools\malware\killemall.scr

Digital Signature

Signed by:

John Shaw

Authority:

StartCom Ltd.

Valid from:

2/16/2012 8:30:13 PM

Valid to:

2/17/2014 5:18:06 PM

Subject:

E=nick@obxcompguy.com, CN=John Shaw, L=Manteo NC, S=North Carolina, C=US, Description=Q060IjEkExVuy25F

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0545

File PE Metadata

Compilation timestamp:

1/2/2012 8:13:51 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:V+qxcPJFjsdwbQFdJQc/Y++uEI7QqMfNePOmt:VxcJFjsdwUvJQc/1f7JUNePN

Entry address:

0x5614

Entry point:

68, 04, 5A, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 17, 1E, C6, FF, A5, 4D, 5A, 48, B8, 62, DD, 1C, A1, 1A, 10, FF, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4B, 69, 6C, 6C, 45, 6D, 41, 6C, 6C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 11, 00, A4, 8D, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00, 28, 91, 40, 00, 68, 61, 45, 00, 00, 00, 00, 00, 88, 1D, F6, 03, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.6925

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

340 KB (348,160 bytes)

Scan killemall.scr - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.