mstwain32.exe

The executable mstwain32.exe has been detected as malware by 36 anti-virus scanners.
MD5:
e9d6dae9a07f83fd6746c38b6aabf25a

SHA-1:
cb455494cbdde45021ba147a782fc5cec680bcb9

SHA-256:
792d3ce3227b4dd730c41a7db1a4b39f33f4b27eca16a7d009b21d573522fc91

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/24/2024 11:35:31 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Backdoor.Turkojan.Gen | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Turkojan.276992 | 2013.08.07 |
| Avira AntiVirus | TR/Spy.Agent.AHAC | 7.11.95.120 |
| avast! | Win32:Turkojan-BZ [Trj] | 2014.9-150527 |
| AVG | BackDoor.Generic12 | 2016.0.3096 |
| Bitdefender | Backdoor.Turkojan.BM | 1.0.20.735 |
| Clam AntiVirus | Trojan.Truko-424 | 0.98/18155 |
| Comodo Security | Backdoor.Win32.Cakl.NAG | 16717 |
| Dr.Web | Trojan.Rent.14 | 9.0.1.0147 |
| Emsisoft Anti-Malware | Backdoor.Turkojan.BM | 8.15.05.27.11 |
| ESET NOD32 | Win32/Cakl.NAG | 9.8655 |
| Fortinet FortiGate | W32/AutoRun.FB!worm | 5/27/2015 |
| F-Prot | W32/Backdoor2.QAS | v6.4.7.1.166 |
| F-Secure | Backdoor:W32/Turkojan.gen!A | 11.2015-27-05_4 |
| G Data | Backdoor.Turkojan.BM | 15.5.22 |
| IKARUS anti.virus | Backdoor.Win32.Turkojan | t3scan.2.0.3.0 |
| K7 AntiVirus | Backdoor | 13.170.9190 |
| Kaspersky | Backdoor.Win32.Turkojan | 14.0.0.1975 |
| Malwarebytes | Trojan.Backdoor | v2015.05.27.11 |
| McAfee | BackDoor-CZP.dr.gen.a | 5600.6752 |
| Microsoft Security Essentials | Backdoor:Win32/Turkojan.A | 1.163.1557.0 |
| MicroWorld eScan | Backdoor.Turkojan.BM | 16.0.0.441 |
| NANO AntiVirus | Trojan.Win32.Turkojan.jebp | 0.24.0.53571 |
| Norman | Turkojan.gen4 | 11.20150527 |
| nProtect | Backdoor/W32.Turkojan.276992 | 13.08.06.03 |
| Panda Antivirus | Bck/Turkojan.I | 15.05.27.11 |
| Quick Heal | Backdoor.Turkojan.A8 | 5.15.12.00 |
| Rising Antivirus | Trojan.Win32.Nodef.dqw | 23.00.65.15525 |
| Sophos | Troj/Agent-GMF | 4.91 |
| SUPERAntiSpyware | Trojan.Agent/Gen-FraudLoad | 9849 |
| Total Defense | Win32/Turkojan.A | 37.0.10498 |
| Trend Micro House Call | BKDR_TURKOJAN.CU | 7.2.147 |
| Trend Micro | BKDR_TURKOJAN.CU | 10.465.27 |
| Vba32 AntiVirus | SScope.Trojan.SDP.26105 | 3.12.22.3 |
| VIPRE Antivirus | Backdoor.Win32.Turkojan.il | 20200 |
| ViRobot | Backdoor.Win32.A.Turkojan.121856.A | 2011.4.7.4223 |

File size:
270.5 KB (276,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\mstwain32.exe

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:3G377xS2Vp2CeiorXdwTBgWx4v53SRdpcCJJvHi:2r7xS2Vp6RwTyCjbJJvHi

Entry address:
0x30464

Entry point:
55, 8B, EC, B9, 07, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, B8, 54, 03, 43, 00, E8, EE, 30, FD, FF, 8B, 1D, 34, 4D, 43, 00, 33, C0, 55, 68, 4E, 07, 43, 00, 64, FF, 30, 64, 89, 20, 68, 5C, 07, 43, 00, 6A, FF, 6A, 00, E8, 58, 32, FD, FF, 8B, 15, E0, 4C, 43, 00, 89, 02, E8, 43, 33, FD, FF, 3D, B7, 00, 00, 00, 75, 05, E8, CF, 1D, FD, FF, E8, AA, E4, FE, FF, E8, 91, DF, FF, FF, A1, B0, 4C, 43, 00, 80, B8, 10, 1A, 00, 00, 00, 75, 05, E8, C2, EC, FF, FF, E8, 01, C5, FE, FF, A1, B0, 4C, 43, 00, 80, B8, 10, 1A...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
190 KB (194,560 bytes)
