mszahy.exe

{6B163E3A-B8CC-4B9B-BCDD-139987D0B62D}

The executable mszahy.exe has been detected as malware by 31 anti-virus scanners.
Publisher:

MD5:
c6170e83676d320765ec51d8709ade76

SHA-1:
1a56a2dd779db919dbd3f683aba4f9c2298b7f80

SHA-256:
4d978b31cae63051253d2f8f4ee9ead6164a7871046c57dd6103d9577cbc5998

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/27/2024 2:59:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.Jatif.Gen.1 | 55 |
| AegisLab AV Signature | Backdoor.W32.Androm.bjbs!c | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.Agent.N1038887067 | 3.7.5.15 |
| Arcabit | Trojan.Jatif.Gen.1 | 1.0.0.774 |
| AVG | BackDoor.Generic18 | 2017.0.2533 |
| Bitdefender | Gen:Heur.Jatif.Gen.1 | 1.0.20.1730 |
| Comodo Security | UnclassifiedMalware | 25812 |
| Dr.Web | Trojan.Inject2.23 | 9.0.1.0346 |
| Emsisoft Anti-Malware | Gen:Heur.Jatif.Gen | 8.16.12.11.08 |
| ESET NOD32 | MSIL/Injector.CIM (variant) | 10.14167 |
| Fortinet FortiGate | W32/Androm.BJBS!tr.bdr | 12/11/2016 |
| F-Secure | Gen:Heur.Jatif.Gen.1 | 11.2016-11-12_1 |
| G Data | Gen:Heur.Jatif.Gen | 16.12.25 |
| IKARUS anti.virus | Trojan-Dropper.Win32.Dapato | t3scan.2.1.6.0 |
| K7 AntiVirus | Trojan | 13.2320970 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-842 |
| McAfee | PWS-Zbot.dx | 5600.6189 |
| Microsoft Security Essentials | Worm:Win32/Gamarue.I | 1.1.13103.0 |
| MicroWorld eScan | Gen:Heur.Jatif.Gen.1 | 17.0.0.1038 |
| NANO AntiVirus | Trojan.Win32.Androm.crkwwd | 1.0.38.11617 |
| Panda Antivirus | Trj/Dtcontx.J | 16.12.11.08 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1120 |
| Quick Heal | Backdoor.Androm.r3 | 12.16.14.00 |
| Rising Antivirus | Trojan.Generic-LRH4xupdDuU (cloud) | 23.00.65.161209 |
| Sophos | Mal/Cleaman-B | 4.98 |
| Trend Micro House Call | TSPY_ZBOT.ZDS | 7.2.346 |
| Trend Micro | TSPY_ZBOT.ZDS | 10.465.11 |
| Vba32 AntiVirus | Backdoor.Androm | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 52516 |
| ViRobot | Trojan.Win32.S.Agent.188992[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Injector.Win32.231146 | 2.0.0.3065 |

File size:
184.6 KB (188,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\mszahy.exe

Digital Signature
Authority:
{6B163E3A-B8CC-4B9B-BCDD-139987D0B62D}

Valid from:
12/6/2013 8:17:21 PM

Valid to:
12/7/2014 2:17:21 AM

Subject:
CN={6B163E3A-B8CC-4B9B-BCDD-139987D0B62D}

Issuer:
CN={6B163E3A-B8CC-4B9B-BCDD-139987D0B62D}

Serial number:
4061477664A360BC46AE5F2F20060943

File PE Metadata
Compilation timestamp:
12/9/2013 5:45:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x2BCEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
167.5 KB (171,520 bytes)
