lohailwe.exe

The executable lohailwe.exe has been detected as malware by 32 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.
MD5:
7cc6f479399302e77ce02fffc63c97c0

SHA-1:
a861511b0f9dae8df48656d81f3bfbc87b2cb493

SHA-256:
5127e25f6eeb3762ff1e0f1e11488d0a13f4431b4b7257f63584f402f2dc05bf

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/19/2024 6:14:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.12041789 | 827 |
| AhnLab V3 Security | Trojan/Win32.ZBot | 2014.10.31 |
| Avira AntiVirus | TR/Crypt.ZPACK.Gen | 7.11.30.172 |
| avast! | Win32:Malware-gen | 141025-0 |
| AVG | Win32/Cryptor | 2014.0.4040 |
| Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.14112 |
| Bitdefender | Trojan.Generic.12041789 | 1.0.20.1515 |
| Bkav FE | HW32.Packed | 1.3.0.6185 |
| Clam AntiVirus | Win.Trojan.Agent-807124 | 0.98/21411 |
| Comodo Security | TrojWare.Win32.Kryptik.COAW | 19945 |
| Dr.Web | Trojan.Siggen6.22973 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Generic.12041789 | 8.14.10.30.07 |
| ESET NOD32 | Win32/Kryptik.COTN (variant) | 8.10646 |
| Fortinet FortiGate | W32/Kryptik.CJJL!tr | 10/30/2014 |
| F-Secure | Trojan.Generic.12041789 | 11.2014-30-10_5 |
| G Data | Trojan.Generic.12041789 | 14.10.24 |
| IKARUS anti.virus | Trojan-Spy.Zbot | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.185.13853 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3021 |
| Malwarebytes | Trojan.FakeMS | v2014.10.30.07 |
| McAfee | PWSZbot-FADO!7CC6F4793993 | 5600.6961 |
| Microsoft Security Essentials | Threat.Undefined | 1.187.750.0 |
| nProtect | Trojan.Generic.12041789 | 14.10.30.01 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.2.7 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.141028 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik | 10267 |
| Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.306 |
| Trend Micro | TROJ_FORUCON.BMC | 10.465.02 |
| VIPRE Antivirus | Threat.4150696 | 34232 |
| ViRobot | Dropper.S.Agent.291496 | 2011.4.7.4223 |

File size:
284.7 KB (291,496 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\lohailwe.exe

File PE Metadata
Compilation timestamp:
7/20/2010 1:55:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:RIfb1g2r4Ha1mH0BSsE0mBTpBiNVFJb9AC5NqfU4PB:RWRg2r51mH0BPSpMJJxA4NclB

Entry address:
0xD6AC

Entry point:
55, 8B, EC, 81, EC, 58, 01, 00, 00, EB, 61, 03, C7, EB, 5D, 83, F3, 9B, B8, 42, 88, 68, 47, 68, 00, C5, B6, 37, 51, 68, 00, 61, 5E, 2F, 57, E8, 6B, 19, 00, 00, 83, C4, 10, EB, 3F, 81, C6, 00, 05, AA, 8D, 89, 95, A8, FE, FF, FF, F7, C6, D9, 00, 00, 00, 75, 2B, B8, A7, 00, 00, 00, 2B, F1, 89, 85, 3C, FF, FF, FF, 57, 6A, 8D, 6A, B1, 68, 00, 14, 32, 1B, 6A, 18, E8, F2, 19, 00, 00, 83, C4, 14, 56, 56, E8, 2A, 19, 00, 00, 83, C4, 08, 53, 8B, 15, 7C, 4A, 43, 00, 89, 95, 34, FF, FF, FF, 56, 89, 85, 34, FF, FF, FF...

Entropy:
7.8871

Developed / compiled with:
Microsoft Visual C++

Code size:
100 KB (102,400 bytes)

Scheduled Task
Task name:
Security Center Update - 2164614966

Trigger:
Daily (Runs daily at 11:00 PM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin
