» minecraft forceop.exe.exe.96839.gzquar
Overview
Analysis
File Details

minecraft forceop.exe.exe.96839.gzquar

Remote Service Application

Microsoft Corp.

The file minecraft forceop.exe.exe.96839.gzquar has been detected as malware by 38 anti-virus scanners.

File name:

Publisher:

Microsoft Corp.

Product:

Remote Service Application

Version:

1, 0, 0, 1

MD5:

1f3e9ea2e63d3c1f44dafb213e204795

SHA-1:

f8ae94fb5d78103e91c504365351b24fa4678bca

SHA-256:

26a25b6c4674e700b40f5f9a4dd298c22f916576e0b4a4f95ac3d3888ccf97ca

Scanner detections:

38 / 68

Status:

Malware

Analysis date:

4/19/2024 6:17:56 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.Heur.EM0@re4d8OaS

737

Agnitum Outpost

Trojan.Comet.Gen.LO

7.1.1

AhnLab V3 Security

Win-Trojan/Graybird.678400

2015.01.06

Avira AntiVirus

TR/Spy.Gen2

7.11.199.164

avast!

Win32:Flooder-GR [Trj]

2014.9-150128

AVG

BackDoor.Delf

2016.0.3215

Bitdefender

Gen:Trojan.Heur.EM0@re4d8OaS

1.0.20.140

Bkav FE

W32.OnGamesLTESFJVO.Trojan

1.3.0.6267

Clam AntiVirus

WIN.Trojan.DarkKomet

0.98/21511

Comodo Security

Backdoor.Win32.Agent.XAB

20611

Dr.Web

BackDoor.Comet.134

9.0.1.028

Emsisoft Anti-Malware

Gen:Trojan.Heur.EM0@re4d8OaS

8.15.01.28.12

ESET NOD32

Win32/Fynloski.AA

9.10969

Fortinet FortiGate

W32/DarkKomet.ID!tr.bdr

1/28/2015

F-Prot

W32/S-76d41e96

v6.4.7.1.166

F-Secure

Gen:Trojan.Heur.EM0@re4d8OaS

11.2015-28-01_4

G Data

Gen:Trojan.Heur.EM0@re4d8OaS

15.1.24

IKARUS anti.virus

Trojan.Win32.CDur

t3scan.1.8.5.0

K7 AntiVirus

Riskware

13.1814541

Kaspersky

Backdoor.Win32.Azbreg

14.0.0.2572

Malwarebytes

Backdoor.Agent.DCRSAGen

v2015.01.28.12

McAfee

Generic BackDoor.xa

5600.6871

Microsoft Security Essentials

Backdoor:Win32/Fynloski.A

1.11302

MicroWorld eScan

Gen:Trojan.Heur.EM0@re4d8OaS

16.0.0.84

NANO AntiVirus

Trojan.Win32.Comet.bqolsq

0.30.0.64448

Norman

Fynloski.X

11.20150128

Panda Antivirus

Generic Malware

15.01.28.12

Quick Heal

Backdoor.Fynloski.A9

1.15.14.00

Reason Heuristics

Threat.Win.Reputation.IMP

15.1.28.12

Rising Antivirus

PE:Backdoor.Pontoeb!1.6637

23.00.65.15126

Sophos

Troj/StWrs-A

4.98

Total Defense

Win32/Fynloski.GEIIKeC

37.0.11370

Trend Micro House Call

BKDR_FYNLOS.SMIA

7.2.28

Trend Micro

BKDR_FYNLOS.SMIA

10.465.28

Vba32 AntiVirus

TScope.Trojan.Delf

3.12.26.3

VIPRE Antivirus

Backdoor.Win32.Fynloski.A

36408

ViRobot

Backdoor.Win32.Agent.1681266[h]

2014.3.20.0

Zillya! Antivirus

Trojan.Fynloski.Win32.452

2.0.0.2026

File size:

2.5 MB (2,604,544 bytes)

Product version:

4, 0, 0, 0

Original file name:

MSRSAAP.EXE

Language:

English (United States)

File PE Metadata

Compilation timestamp:

6/3/2012 11:33:20 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:3gEjyITimVAmKZVYE7V9FzAr1pSdriv4Jc0B:3Xjyyi09uBUrydrivwB

Entry address:

0x90888

Entry point:

55, 8B, EC, B9, 2D, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 9C, F3, 48, 00, E8, 30, 6E, F7, FF, 33, C0, 55, 68, 50, 15, 49, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, 33, F7, F7, FF, A1, B4, 58, 49, 00, C6, 00, 01, E8, DE, B6, FF, FF, B2, 01, A1, 3C, EE, 48, 00, E8, D6, E5, FF, FF, A3, F0, F3, 49, 00, 33, D2, 55, 68, 08, 0A, 49, 00, 64, FF, 32, 64, 89, 22, 8D, 4D, EC, BA, 68, 15, 49, 00, A1, F0, F3, 49, 00, E8, 25, E6, FF, FF, 8B, 55, EC, A1, 3C, 5B, 49, 00, E8, 80, 4C, F7, FF, 8D, 55, E0, 33... 
[+]

Entropy:

6.7583

Developed / compiled with:

Microsoft Visual C++

Code size:

577 KB (590,848 bytes)

Remove minecraft forceop.exe.exe.96839.gzquar - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.