lgneva.exe

LGeneva

The executable lgneva.exe has been detected as malware by 9 anti-virus scanners. It is configured to run automatically whenever any user logs into Windows, via a Run registry entry named ‘lgneva’.
Publisher:
LGeneva

Product:
LGeneva

Version:
3.00

MD5:
5a8d9a1d65ca782aad4f5a8123dee543

SHA-1:
efbf3096280ac567c122b8ce23d969eaeb7ca9ad

SHA-256:
5efbe35eba30a7e7b91dd9501b1ad601d04e1da74562580ea5d01248b79f6bfc

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
2/23/2014 2:35:30 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dropper.Gen | 7.11.114.252
Baidu Antivirus | Trojan.Win32.VB | 4.0.3.14124
Bitdefender | Gen:Trojan.Heur.VP2.em0@aexNjDai | 1.0.20.120
Emsisoft Anti-Malware | Gen:Trojan.Heur.VP2.em0@aexNjDai | 8.14.01.24.10
ESET NOD32 | Win32/Spy.VB.NTD (variant) | 8.9077
F-Secure | Gen:Trojan.Heur.VP2.em0@aexNjDai | 11.2014-24-01_6
G Data | Gen:Trojan.Heur.VP2.em0@aexNjDai | 14.1.22
McAfee Web Gateway | Heuristic.BehavesLike.Win32.Suspicious-BAY.K | 7.7241
MicroWorld eScan | Gen:Trojan.Heur.VP2.em0@aexNjDai | 15.0.0.72

File size:
68 KB (69,632 bytes)

Product version:
3.00

Original file name:
lgneva.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\lgneva.exe

File PE Metadata
Compilation timestamp:
11/21/2013 3:50:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:Cvbnhavegv7cl7U7ReMPFjeQocytdNgosi4fseVF1hzq+B9xHkF9UgXu:Cv7iegjC7Edj+cyt761Bqm1g+

Entry address:
0x1B84

Entry point:

Entropy:
5.2079

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
56 KB (57,344 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
lgneva

Command:
C:\windows\lgneva.exe
