molebox.exe

Teggo Software Ltd.

Publisher:
Teggo Software Ltd.  (signed and verified)

Description:
Teggo Molebox Ultra

Version:
4, 0, 0, 1900

MD5:
41800ebe6069c9c51989eaaea6dc6110

SHA-1:
c72e353df834452f36f36eacf8e81fccf49bfda6

SHA-256:
0b1ef791a7338d429305951fa38f5ad921f1bff73ec1f9d936a7ca96f0e576f0

Scanner detections:
18 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/24/2024 9:15:06 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.Refroso
7.1.1

AhnLab V3 Security
Trojan/Win32.Refroso
2014.12.19

Avira AntiVirus
TR/Crypt.ZPACK.Gen2
7.11.196.174

AVG
Generic20
2017.0.2821

Bkav FE
HW32.Packed
1.3.0.6267

ESET NOD32
Win32/Packed.MoleboxUltra (variant)
10.10901

Fortinet FortiGate
W32/Refroso.CHET!tr
2/26/2016

K7 AntiVirus
Trojan
13.188.14380

McAfee
Artemis!41800EBE6069
5600.6477

NANO AntiVirus
Trojan.Win32.Refroso.tlmhh
0.28.6.64267

Norman
Suspicious_Gen2.HPIQN
11.20160226

nProtect
Trojan/W32.Refroso.2560944
14.12.18.01

Rising Antivirus
PE:Trojan.Win32.Generic.12A512EE!312808174
23.00.65.16224

Sophos
Mal/Generic-S
4.98

Vba32 AntiVirus
Trojan.Refroso
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
35858

ViRobot
Trojan.Win32.S.Refroso.2560944[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Refroso.Win32.25536
2.0.0.2008

File size:
2.4 MB (2,560,944 bytes)

Product version:
4, 0, 0, 1900

Copyright:
Copyright (c) 2009, Teggo Software Ltd.

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Authority:
Teggo Software Ltd.

Valid from:
10/21/2008 4:10:27 PM

Valid to:
1/1/2040 7:59:59 AM

Subject:
E=monster@teggo.com, CN=Teggo Software, O=Teggo Software Ltd.

Issuer:
E=monster@teggo.com, CN=Teggo Root CA, O=Teggo Software Ltd.

Serial number:
93BCCEE6724371A24B0B280EE6ABD459

File PE Metadata
Compilation timestamp:
6/19/2009 9:58:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.108

CTPH (ssdeep):
49152:jjqu9XpcF9muXFxLG+ZQSMwxi5woHYEq6wUSCpNH+PQJ/8yOQG70:jjV9Xp7KxLzQSMpCQjsUJpNH1FZG70

Entry address:
0x14C0

Entry point:
E8, 00, 00, 00, 00, 83, 04, 24, 0F, FF, 15, 2C, C0, 60, 00, E9, 30, FB, FF, FF, 6D, 6F, 6C, 65, 6C, 69, 63, 2E, 62, 6F, 78, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
7.9919  (probably packed)

Code size:
2 MB (2,142,208 bytes)

Scan molebox.exe - Powered by Reason Core Security