msconfig.exe

Microsoft Windows Operating System

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The executable msconfig.exe has been detected as malware by 28 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft(R) Windows(R) Operating System

Description:
msconfig

Version:
1, 0, 0, 90

MD5:
dac9c1194d7b4ce54c184c08e3884812

SHA-1:
894db602e8726207195448061b3760ca735c0e10

SHA-256:
cfd98b76455b0ca717bb6340da5ded10191e35b2b754e25f89c4ded341a544c3

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/25/2024 3:23:40 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.41263 | 6339179 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Msposer | 2015.04.01 |
| avast! | Win32:FileInfector-A [Heur] | 150319-0 |
| AVG | Agent4 | 2016.0.3153 |
| Bitdefender | Gen:Variant.Graftor.41263 | 1.0.20.455 |
| Comodo Security | TrojWare.Win32.TrojanDownloader.Dalamodo.A | 21607 |
| Dr.Web | Trojan.Packed.22267 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.41263 | 9.0.0.4799 |
| ESET NOD32 | Win32/TrojanDownloader.Dalamodo.B trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Dalamodo.A!tr | 4/1/2015 |
| F-Prot | W32/Cossta.C2.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Graftor.41263 | 5.13.68 |
| G Data | Gen:Variant.Graftor.41263 | 15.4.25 |
| IKARUS anti.virus | Trojan.Win32.Cossta | t3scan.1.8.9.0 |
| K7 AntiVirus | Riskware | 13.202.15443 |
| Kaspersky | Trojan.Win32.Agent | 15.0.0.543 |
| McAfee | Suspect-AN!DAC9C1194D7B | 5600.6809 |
| Microsoft Security Essentials | Threat.Undefined | 1.195.475.0 |
| MicroWorld eScan | Gen:Variant.Graftor.41263 | 16.0.0.273 |
| NANO AntiVirus | Virus.Win32.Virut-Gen.bwpxnc | 0.30.8.659 |
| Norman | Gen:Variant.Graftor.41263 | 03.12.2014 13:20:04 |
| nProtect | Trojan/W32.Agent.250608.B | 15.03.31.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.01.12 |
| Rising Antivirus | PE:Trojan.Agent!1.64CE | 23.00.65.15330 |
| Vba32 AntiVirus | Trojan.Agent | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 38552 |
| Zillya! Antivirus | Trojan.Agent.Win32.396241 | 2.0.0.2123 |

File size:
244.7 KB (250,608 bytes)

Product version:
1, 0, 0, 90

Copyright:
Copyright © 2011

Original file name:
msconfig89.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\msconfig.exe

File PE Metadata
Compilation timestamp:
6/19/2013 12:22:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:zM6V59S+32r96E5VDJCTpZ2JndsR/poazl19fK3CmR1FyNWJM1PAcrqpIoumF/R:I6V3Sx9c0mXA1gyOEL

Entry address:
0xA736

Entry point:
55, 8B, EC, 6A, FF, E8, C0, 3A, 03, 00, 68, A6, A8, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 14, C2, 42, 00, 59, 83, 0D, D4, C2, 43, 00, FF, 83, 0D, D8, C2, 43, 00, FF, FF, 15, 10, C2, 42, 00, 8B, 0D, 90, C2, 43, 00, 89, 08, FF, 15, 0C, C2, 42, 00, 8B, 0D, 8C, C2, 43, 00, 89, 08, A1, 08, C2, 42, 00, 8B, 00, A3, D0, C2, 43, 00, E8, 2E, 01, 00, 00, 39, 1D, 60, 74, 43, 00, 75, 0C, 68, D0, A8, 40, 00, FF, 15, 04, C2...

Entropy:
5.8513

Developed / compiled with:
Microsoft Visual C++

Code size:
172 KB (176,128 bytes)

User Start Menu Item
Name:
msconfig.exe
