lineage.exe

lineage

The executable lineage.exe has been detected as malware by 25 of the 68 anti-virus scanners it was run against. It is configured to start automatically when a user logs into Windows, through a value named 'lineage' in the current user's Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) that launches C:\Program Files\common files\lineage.exe. Most of the detection names are generic or heuristic (Gen:Trojan.Heur.VB, Win32:Malware-gen, Mal/Generic-S, UDS:DangerousObject.Multi.Generic); the more specific ones (Win32/VB.RTR, W32/VB.RTR!tr, Trojan.Win32.VB) classify it as a Visual Basic compiled trojan, and K7 reports it as a P2P worm. Two caveats for anyone acting on this page: the engine versions in the detection table mostly date from August 2015, so the verdicts should be rechecked against current signatures, and a file should be confirmed by matching its SHA-256 against the value below rather than by its filename or by the fact that it sits in C:\Program Files\common files\, a directory that normally holds vendor subfolders of shared components rather than a loose executable.
Product:
lineage

Version:
1.00

MD5:
0a874aa77c4987fc285c4e518e2efb05

SHA-1:
9e83b7dc65f25ce36b6391b4e2ea8c2766de76ce

SHA-256:
16a11a7f88f525e721309e1f4dcc3e91d2161a4401dc41814fc73c0452e82400

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/24/2024 11:09:40 AM UTC

Scan engine             Detection                                      Engine version
Lavasoft Ad-Aware       Gen:Trojan.Heur.VB.cq0@eeJ0!Zmb                524
Agnitum Outpost         Trojan.VB                                      7.1.1
Avira AntiVirus         TR/Crypt.XPACK.Gen                             8.3.1.6
Arcabit                 Trojan.Heur.VB.ED153B5                         1.0.0.425
avast!                  Win32:Malware-gen                              2014.9-150830
AVG                     VB2                                            2016.0.3002
Baidu Antivirus         Trojan.Win32.VB                                4.0.3.15830
Bitdefender             Gen:Trojan.Heur.VB.cq0@eeJ0!Zmb                1.0.20.1210
Comodo Security         UnclassifiedMalware                            22827
Emsisoft Anti-Malware   Gen:Trojan.Heur.VB.cq0@eeJ0!Zmb                8.15.08.30.02
ESET NOD32              Win32/VB.RTR (variant)                         9.11971
Fortinet FortiGate      W32/VB.RTR!tr                                  8/30/2015
F-Secure                Gen:Trojan.Heur.VB.cq0@eeJ0!Zmb                11.2015-30-08_1
G Data                  Gen:Trojan.Heur.VB.cq0@eeJ0!Zmb                15.8.25
IKARUS anti.virus       Trojan.Win32.VB                                t3scan.1.9.5.0
K7 AntiVirus            P2PWorm                                        13.207.16622
Kaspersky               UDS:DangerousObject.Multi.Generic              14.0.0.1505
McAfee                  RDN/Generic.dx!djt                             5600.6658
MicroWorld eScan        Gen:Trojan.Heur.VB.cq0@eeJ0!Zmb                16.0.0.726
NANO AntiVirus          Trojan.Win32.XPACK.dotsbz                      0.30.24.2487
Panda Antivirus         Trj/Chgt.O                                     15.08.30.02
Rising Antivirus        PE:Trojan.Win32.Generic.182AB27D!405451389     23.00.65.15828
Sophos                  Mal/Generic-S                                  4.98
Trend Micro             TROJ_GEN.R03AC0EC915                           10.465.30
VIPRE Antivirus         Trojan.Win32.Generic                           42190

File size:
40 KB (40,960 bytes)

Product version:
1.00

Original file name:
lineage.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\lineage.exe

File PE Metadata
Compilation timestamp:
2/5/2015 1:25:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:ccfiKESU/x3AsiH7HgThHW7jxH7dT/sTXH/7vMnU7I7GH7kN7v75H7b7IXGDjLoh:cwi9MSh4pKX4nkCMWPfT

Entry address:
0x15F4

Entry point:
68, 30, 7A, 40, 00, E9, 0E, 6B, 00, 00, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 53, 5A, D3, 59, 24, 17, C8, 4B, 8A, 08, 5F, A6, 73, 2C, F4, 26, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 41, 00, 20, 08, 41, 00, 6C, 69, 6E, 65, 61, 67, 65, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, 29, 2E, 34, 20, 06, F4, 2B, 4E, A6, 55, 65, 3B, 05, 4F, A2, D7, 7F, D7, EF, 58, 2A, 1C, 53, 42, 99, 8B, 59, 61, 9E, A3, 87, 96, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
 

Entropy:
4.6266

Code size:
24 KB (24,576 bytes)
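The fields in this section (compilation timestamp, OS and linker version, subsystem, entry address and first entry-point bytes, entropy, code size and the three hashes) all come straight from the PE headers and the raw bytes, and a responder will usually want to recompute them from a suspect file rather than trust a scanner page. The following Python script is an added example, not code from this page or from Reason Core Security: it parses the COFF and optional header, maps the entry RVA to a file offset through the section table, and computes Shannon entropy and the MD5/SHA-1/SHA-256 digests. Because the real sample is not on the page, it ships with a constructed 2,560-byte PE32 image whose header fields reuse the values listed above (the page's compile timestamp is assumed to be UTC); run it with a path argument to analyse a real file.

```python
"""Added example: parse the PE header fields listed under 'File PE Metadata' and
compute the hashes and entropy shown on this page. Standard library only."""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for a constant file, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 hex digests, the three identifiers listed on the page."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes, entry_len: int = 16) -> dict:
    """Read the COFF and optional-header fields of a PE32/PE32+ image and locate its entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                       # optional header follows the 20-byte COFF header
    magic, linker_major, linker_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    # The section table follows the optional header; map the entry RVA to a file offset
    # through the section that contains it (an RVA outside every section is a red flag).
    entry_offset = None
    for i in range(nsections):
        sec = opt + opt_size + 40 * i
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sec + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry_offset = rawptr + (entry_rva - vaddr)
            break
    entry_bytes = None
    if entry_offset is not None:
        entry_bytes = data[entry_offset:entry_offset + entry_len].hex(" ").upper()
    return {
        "bitness": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "machine": hex(machine),
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_offset": entry_offset,
        "entry_bytes": entry_bytes,
        "size": len(data),
        "entropy": round(shannon_entropy(data), 4),
        **file_hashes(data),
    }


def build_sample_pe() -> bytes:
    """Constructed 2,560-byte PE32 image (NOT the real lineage.exe) whose header fields reuse
    the values listed on this page: linker 6.0, OS version 4.0, GUI subsystem, entry RVA
    0x15F4, SizeOfCode 24,576 and the page's compile timestamp (assumed to be UTC)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1423099518, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, 0x6000)         # PE32 magic, linker 6.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x15F4)                        # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)     # ImageBase, section/file alignment
    struct.pack_into("<HH", opt, 40, 4, 0)                         # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                             # IMAGE_SUBSYSTEM_WINDOWS_GUI
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x800, 0x1000, 0x800, 0x200, 0, 0, 0, 0, 0x60000020)
    header = dos + b"PE\0\0" + coff + opt + text
    header += b"\0" * (0x200 - len(header))
    body = bytearray(0x800)
    body[0x5F4:0x5F4 + 10] = bytes.fromhex("68307A4000E90E6B0000")   # first entry-point bytes from the page
    return bytes(header + body)


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in parse_pe(image).items():
        print(f"{key:>15}: {value}")
```

An `entry_offset` of None (an entry RVA that falls inside no section) is itself worth flagging on a real file, as is a compile timestamp that disagrees with the file's other dates; the values listed on this page are internally consistent (entry 0x15F4 lies inside a 24 KB code section).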

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
lineage

Command:
C:\Program Files\common files\lineage.exe
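The practitioner check for this persistence entry is to enumerate the Run key, recover the executable from the command string (the page's value is an unquoted path containing spaces, which is exactly the case that splitting on the first space gets wrong), and confirm the file by SHA-256 against the hash listed above rather than by its name. The script below is an added example rather than code from this page or from Reason Core Security: it reads HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with winreg on Windows, and off Windows exercises the same logic on a constructed entry. The verdict labels (confirmed, suspect, orphaned, clean) and the `classify` function are this example's own.

```python
"""Added example: check HKCU Run autostart entries against the lineage.exe indicators on
this page and confirm a hit by file hash rather than by name. Standard library only."""
import hashlib
import os
import sys

# Indicators taken from this page.
IOC_VALUE_NAME = "lineage"
IOC_PATH = r"C:\Program Files\common files\lineage.exe"
IOC_SHA256 = "16a11a7f88f525e721309e1f4dcc3e91d2161a4401dc41814fc73c0452e82400"
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def executable_from_command(command: str, exists=os.path.isfile) -> str:
    """Recover the executable path from a Run-key command line.

    A quoted path is unambiguous. The page's own value is unquoted and contains spaces,
    which Windows resolves by trying successively longer space-delimited prefixes until
    one names an existing file; do the same, and when nothing exists fall back to the
    prefix ending at the first '.exe' token (or the first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    tokens = command.split(" ")
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if exists(candidate):
            return candidate
    for i, token in enumerate(tokens):
        if token.lower().endswith(".exe"):
            return " ".join(tokens[:i + 1])
    return tokens[0]


def sha256_file(path: str) -> str:
    """Streaming SHA-256 so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(name: str, command: str, exists=os.path.isfile, hasher=sha256_file) -> dict:
    """Grade one Run-key value. `exists` and `hasher` are injectable so the logic can be
    exercised off a Windows host with constructed entries (this example's own design)."""
    exe = executable_from_command(command, exists)
    name_match = name.lower() == IOC_VALUE_NAME
    path_match = exe.lower() == IOC_PATH.lower()
    hash_match = hasher(exe).lower() == IOC_SHA256 if exists(exe) else None
    if hash_match:
        verdict = "confirmed"   # the file on disk is the sample this page describes
    elif hash_match is False and (name_match or path_match):
        verdict = "suspect"     # same autostart name/path but a different file (variant or replacement)
    elif hash_match is None and (name_match or path_match):
        verdict = "orphaned"    # the autostart entry survives but the file is gone
    else:
        verdict = "clean"       # nothing on this page matches this entry
    return {"name": name, "command": command, "exe": exe, "name_match": name_match,
            "path_match": path_match, "hash_match": hash_match, "verdict": verdict}


def scan_run_key():
    """Enumerate the current user's Run key on Windows; returns None elsewhere (nothing to read)."""
    if sys.platform != "win32":
        return None
    import winreg
    findings = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        index = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, index)
            except OSError:       # raised once the value index runs past the last value
                break
            findings.append(classify(name, os.path.expandvars(str(value))))
            index += 1
    return findings


if __name__ == "__main__":
    results = scan_run_key()
    if results is None:   # off Windows: show the logic on a constructed entry instead
        results = [classify(IOC_VALUE_NAME, IOC_PATH, exists=lambda p: False)]
    for f in results:
        print(f"{f['verdict']:>9}  {f['name']}: {f['exe']}  sha256 match={f['hash_match']}")
```

Removal is the persistence step in reverse: delete the Run value (`Remove-ItemProperty` in PowerShell, or `winreg.DeleteValue`) and then quarantine the file, after stopping any running process whose image path matches. Deleting only the file leaves a dangling autostart entry, which is what the "orphaned" verdict above is meant to catch on a later sweep.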


Remove lineage.exe - Powered by Reason Core Security