machine32.exe

The executable machine32.exe has been detected as malware by 32 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user's Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the display name ‘machine32.exe’.
MD5: 6b2de2e929df826d6b6b8fe8ef261d57
SHA-1: eda9f83d3bff20003ff41d221b22c72f31c6ef03
SHA-256: 2633c90ce8b6f642657c1f07a676b89be2d761a65dc490af818d25eda290841b
Scanner detections: 32 / 68
Status: Malware
Analysis date: 4/19/2024 1:11:16 AM UTC

Scan engine               Detection                          Engine version
Lavasoft Ad-Aware         Trojan.GenericKD.1656608           778
Agnitum Outpost           Trojan.Packed                      7.1.1
AhnLab V3 Security        Trojan/Win32.Gen                   2014.06.23
Avira AntiVirus           TR/Spy.Banker.aaul.1               7.11.156.32
avast!                    Win32:Malware-gen                  2014.9-141219
AVG                       PSW.Banker6                        2015.0.3256
Baidu Antivirus           Trojan.Win32.Banker                4.0.3.141219
Bitdefender               Trojan.GenericKD.1656608           1.0.20.1765
Comodo Security           UnclassifiedMalware                18630
Dr.Web                    Trojan.Packed.26566                9.0.1.0353
Emsisoft Anti-Malware     Trojan.GenericKD.1656608           8.14.12.19.10
ESET NOD32                Win32/Spy.Banker.AAUL (variant)    8.9982
Fortinet FortiGate        W32/Banker.AAUL!tr.spy             12/19/2014
F-Prot                    W32/Banker.T.gen                   v6.4.7.1.166
F-Secure                  Trojan.GenericKD.1656608           11.2014-19-12_6
G Data                    Trojan.GenericKD.1656608           14.12.24
IKARUS anti.virus         Trojan-PWS.Banker6                 t3scan.1.6.1.0
K7 AntiVirus              Spyware                            13.180.12484
Kaspersky                 HEUR:Trojan.Win32.Generic          14.0.0.2773
Malwarebytes              Trojan.Banker                      v2014.12.19.10
McAfee                    GenericR-AMZ!6B2DE2E929DF          5600.6912
MicroWorld eScan          Trojan.GenericKD.1656608           15.0.0.1059
NANO AntiVirus            Trojan.Win32.Banker.cxafou         0.28.0.60253
Norman                    Banker.GKVK                        11.20141219
nProtect                  Trojan.GenericKD.1656608           14.06.22.01
Panda Antivirus           Generic Malware                    14.12.19.10
Qihoo 360 Security        Win32/Trojan.234                   1.0.0.1015
Reason Heuristics         Threat.Win.Reputation.IMP          14.12.21.23
Sophos                    Mal/Generic-S                      4.98
Trend Micro House Call    TROJ_SPNR.11F514                   7.2.353
Trend Micro               TROJ_SPNR.11F514                   10.465.19
VIPRE Antivirus           Trojan.Win32.Generic               30544

File size: 2 MB (2,108,416 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\roaming\machine32.exe

File PE Metadata
Compilation timestamp: 4/26/2014 3:05:45 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 49152:u4DvCvSylz+IYhDSSW7NSMzU5oJzXDfY7:u4D6l4PWqKhDfY7
Entry address: 0x1758D4
Entry point (first bytes):
55, 8B, EC, 83, C4, F0, B8, F8, B5, 56, 00, E8, B4, 4D, E9, FF, A1, E0, B9, 57, 00, 8B, 00, E8, 34, 91, F4, FF, A1, E0, B9, 57, 00, 8B, 00, B2, 01, E8, 1A, AE, F4, FF, 8B, 0D, B8, BC, 57, 00, A1, E0, B9, 57, 00, 8B, 00, 8B, 15, 90, A4, 56, 00, E8, 26, 91, F4, FF, 8B, 0D, 1C, BB, 57, 00, A1, E0, B9, 57, 00, 8B, 00, 8B, 15, 4C, 8E, 56, 00, E8, 0E, 91, F4, FF, A1, E0, B9, 57, 00, 8B, 00, E8, 52, 92, F4, FF, E8, 51, 0D, E9, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with: Microsoft Visual C++
Code size: 1.5 MB (1,524,224 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: machine32.exe
Command: C:\users\{user}\appdata\roaming\machine32.exe
