msn.exe

The executable msn.exe has been detected as malware by 14 anti-virus scanners. It is set to start automatically when a user logs in to Windows, through the current user Run registry key, under the display name ‘apo5’.
MD5:
15eaab2939fd3d8bb044bb0d4ab67839

SHA-1:
329a02c37ff32cda403e131a775153dbeeadf9c8

SHA-256:
72a330f36deb07e1abbb5872416007ed3aeae0ccb7a89bc39dcc10b5522d7557

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/19/2024 10:54:57 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | 5813612 |
| avast! | Win32:Vitro | 160201-0 |
| AVG | Win32/Virut | 2015.0.4489 |
| Dr.Web | Win32.Virut.56 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 10.0.0.5366 |
| ESET NOD32 | Win32/Virut.NBP virus | 7.0.302.0 |
| F-Prot | W32/Virut.E.gen | 4.6.5.141 |
| F-Secure | Win32.Virtob.Gen.12 | 5.15.21 |
| Kaspersky | Virus.Win32.Virut | 15.0.0.562 |
| McAfee | Virus.W32/Worm-FXE!67E31349CF7E | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5087.0 |
| Norman | Win32.Virtob.Gen.12 | 11.01.2016 17:30:26 |
| Sophos | Virus 'W32/Scribble-B' | 5.23 |
| VIPRE Antivirus | Threat.4737366 | 46244 |

File size:
463 KB (474,112 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
9/13/2010 3:36:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.20

CTPH (ssdeep):
6144:PafsiuvAQ+tTm6cyERSiytj71cOE4jKS6vE/IFgWB:MCvAQ+q6ctRt636OfjOsAuc

Entry address:
0xD4F12

Entry point:
FC, 90, 8A, D2, 83, 3C, 24, FE, 8D, 00, 77, FE, 84, EF, 8D, 64, 24, CC, 60, 83, EC, DC, E8, F0, FE, FF, FF, 42, 4B, 4A, 66, 4B, 87, D6, 86, D2, 75, F8, 01, C8, B6, 6F, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 73, E6, 8D, 55, FA, 90, 86, C4, 81, D9, E6, 13, 00, 00, 71, D8, 86, C0, 42, 40, FF, B4, 19, E4, 13, 00, 80, F6, D2, 83, C4, 04, BE, A3, B0, 19, 8B, 66, 81, 44, 24, FC, B0, BA, 75, BA, 87, FE, 8D, 12, 8D, 47, 77, 68, EA, 6F, BD, A6, 31, D6, E8, 38, FC, FF, FF, 89, 74, 24, 44, E8, C3, FE, FF, FF, F6, D2...
 

Entropy:
5.5487

Code size:
232 KB (237,568 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
apo5

Command:
C:\win\msn.exe

