msdn.exe

The executable msdn.exe has been detected as malware by 32 anti-virus scanners. It is configured to start automatically when a user logs in to Windows, through the current user Run registry key, under the display name ‘Keyboard Inf.’.
MD5:
f46fce3dbb682a4c30f96af62da8f54c

SHA-1:
bb15cdb426dcf9e48e60e1536de9901332b0c236

SHA-256:
c77cedb91ab897d1bd51fd4900ebaee23a752947c2f59a3af1fe9daf932261e8

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/23/2024 6:30:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1564608 | 1017 |
| Agnitum Outpost | Trojan.CoinMiner | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.FakeWarn | 14.04.23 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.142.76 |
| avast! | Win32:Malware-gen | 2014.9-140423 |
| AVG | CoinMiner | 2015.0.3495 |
| Baidu Antivirus | Trojan.Win32.CoinMiner | 4.0.3.14423 |
| Bitdefender | Trojan.GenericKD.1564608 | 1.0.20.565 |
| Comodo Security | UnclassifiedMalware | 18079 |
| Dr.Web | Trojan.BtcMine.368 | 9.0.1.0113 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1564608 | 8.14.04.23.08 |
| ESET NOD32 | Win32/CoinMiner.JX (variant) | 8.9658 |
| Fortinet FortiGate | W32/CoinMiner.JX!tr | 4/23/2014 |
| F-Secure | Trojan.GenericKD.1564608 | 11.2014-23-04_4 |
| G Data | Trojan.GenericKD.1564608 | 14.4.24 |
| IKARUS anti.virus | Trojan.CoinMiner | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11711 |
| Kaspersky | Trojan.Win32.CoinMiner | 14.0.0.3971 |
| Malwarebytes | Trojan.Dropper | v2014.04.23.08 |
| McAfee | RDN/Generic.dx!c2s | 5600.7151 |
| MicroWorld eScan | Trojan.GenericKD.1564608 | 15.0.0.339 |
| NANO AntiVirus | Trojan.Win32.XPACK.ctjkzx | 0.28.0.59048 |
| Norman | Suspicious_Gen4.FTLHL | 11.20140423 |
| nProtect | Trojan.GenericKD.1564608 | 14.04.09.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.04.23.08 |
| Qihoo 360 Security | HEUR/Malware.QVM05.Gen | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Total Defense | Win32/Inject.C!generic | 37.0.10869 |
| Trend Micro House Call | TROJ_SPNR.32BB14 | 7.2.113 |
| Trend Micro | TROJ_SPNR.32BB14 | 10.465.23 |
| Vba32 AntiVirus | Trojan.CoinMiner.f | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28186 |

File size:
230.4 KB (235,908 bytes)

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\appdata\roaming\macromedia\msdn.exe

File PE Metadata
Compilation timestamp:
1/19/2014 3:48:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.50

CTPH (ssdeep):
6144:thM9XgPoasCGVzoF6ttSKQFjRyciCL9fgRYk:thWXUN4SKyjR3dfk

Entry address:
0x1000

Entry point:
68, E4, 01, 00, 00, 68, 00, 00, 00, 00, 68, A0, B9, 41, 00, E8, FC, 7F, 00, 00, 83, C4, 0C, 68, 00, 00, 00, 00, E8, F5, 7F, 00, 00, A3, A4, B9, 41, 00, 68, 00, 00, 00, 00, 68, 00, 10, 00, 00, 68, 00, 00, 00, 00, E8, E2, 7F, 00, 00, A3, A0, B9, 41, 00, E8, DC, 3A, 01, 00, E8, 90, 39, 01, 00, E8, 62, 2B, 01, 00, E8, BC, 28, 01, 00, E8, 08, 23, 01, 00, E8, EA, 19, 01, 00, E8, D2, 7F, 00, 00, C7, 05, 01, 70, 41, 00, 06, 00, 00, 02, E8, FF, 3A, 01, 00, 50, 68, 5A, A4, 41, 00, E8, DD, 70, 00, 00, 68, AC, B9, 41...

Packer / compiler:
PKLITE32, 0x1.1

Code size:
81 KB (82,944 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Keyboard Inf.

Command:
C:\users\{user}\appdata\roaming\macromedia\msdn.exe

