msrvcsuv.com

{70166A21-2F6A-4CC0-822C-607696D8F4B7}

The file msrvcsuv.com has been detected as malware by 22 anti-virus scanners.
Publisher:

MD5:
fb36918ed5c85a0dba4c5cbe974cee1d

SHA-1:
1e5a12e4c5a056a89566706be5d3cb915486996a

SHA-256:
21f196ef21e686c93ddb7669856beb5a90fc7e730ee41002c98d29bda899f9d3

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
5/4/2024 10:02:00 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1668729 | 1002 |
| AhnLab V3 Security | Backdoor/Win32.Necurs | 14.05.08 |
| Avira AntiVirus | TR/Dropper.MSIL.42369 | 7.11.148.36 |
| AVG | MSIL3 | 2015.0.3480 |
| Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.1458 |
| Bitdefender | Trojan.GenericKD.1668729 | 1.0.20.640 |
| Dr.Web | BackDoor.Andromeda.22 | 9.0.1.0128 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1668729 | 8.14.05.08.11 |
| ESET NOD32 | MSIL/Injector.DNK (variant) | 8.9770 |
| Fortinet FortiGate | W32/Androm.DTEC!tr.bdr | 5/8/2014 |
| F-Secure | Trojan.GenericKD.1668729 | 11.2014-08-05_5 |
| G Data | Trojan.GenericKD.1668729 | 14.5.24 |
| IKARUS anti.virus | Trojan-Signed:Agent | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.177.12013 |
| Kaspersky | Backdoor.Win32.Androm | 14.0.0.3895 |
| Malwarebytes | Trojan.Inject | v2014.05.08.11 |
| McAfee | Artemis!FB36918ED5C8 | 5600.7136 |
| MicroWorld eScan | Trojan.GenericKD.1668729 | 15.0.0.384 |
| Norman | Suspicious_Gen4.GHDZN | 11.20140508 |
| Panda Antivirus | Trj/CI.A | 14.05.08.11 |
| Sophos | Troj/MSIL-RD | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047H08E614 | 7.2.128 |

File size:
155.1 KB (158,784 bytes)

Common path:
C:\users\anitap~1\locals~1\temp\msrvcsuv.com

Digital Signature
Authority:
{70166A21-2F6A-4CC0-822C-607696D8F4B7}

Valid from:
4/18/2014 8:47:18 PM

Valid to:
4/19/2015 2:47:18 AM

Subject:
CN={70166A21-2F6A-4CC0-822C-607696D8F4B7}

Issuer:
CN={70166A21-2F6A-4CC0-822C-607696D8F4B7}

Serial number:
3F0DF1EBD88FB1B94D119CFFAC6B01C9

File PE Metadata
Compilation timestamp:
5/5/2014 9:27:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:HqsN1mT3oMM6UrHVqpnw22lMiUEheXEbVWUS0UeB+F9WIg:KsN1uoMgZNrTrhqEbVPSNFQIg

Entry address:
0x2784E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.2278

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
150.5 KB (154,112 bytes)
