home

! my picutre.scr

The file ! my picutre.scr has been detected as malware by 4 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘1ac54efef229386218f9defd73c9fae1’.
MD5:
1aa055b3aecba9fdcd1743e96bf9800a

SHA-1:
2cb5821ae6bab14e1e68db9c205341d26f824600

SHA-256:
ea96d0a2b143595212f1a8a7a33dfb5ffcf5802a10d1e978683449dc78fe6ceb

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
5/1/2024 4:47:16 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Dropper-gen [Drp]
160917-0

Clam AntiVirus
Win.Trojan.Agent-1381450
0.98/23207

Dr.Web
Trojan.KillFiles.17235
9.0.1.05190

ESET NOD32
MSIL/Bladabindi.L trojan
6.3.12010.0

File size:
492.5 KB (504,320 bytes)

File PE Metadata
Compilation timestamp:
11/16/1998 5:57:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xFFEF

Entry point:
E8, 12, 5B, 00, 00, E9, A4, FE, FF, FF, 6A, 0C, 68, 38, 11, 42, 00, E8, 67, 0D, 00, 00, 6A, 0E, E8, 68, 02, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, F4, 37, 42, 00, BA, F0, 37, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, D9, E7, FF, FF, 59, FF, 76, 04, E8, D0, E7, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 56, 0D, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 33, 01, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...
 
[+]

Entropy:
7.0934

Code size:
102 KB (104,448 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
1ac54efef229386218f9defd73c9fae1

Command:
"C:\users\{user}\appdata\local\temp\mozilla firefox.exe"..


Remove ! my picutre.scr - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.