pm2.exe

Aavid Sharepoint

OPSWAT, Inc.

The executable pm2.exe, described in its own version resource as “Winsock Nmu Lead Checkout Once”, has been detected as malware by 29 of 68 anti-virus scanners. The detection names cluster on credential-stealing trojans: Fareit/PSW at Kaspersky, ESET, Microsoft, Baidu and Sophos, Zbot at AVG and Trend Micro, and generic password-stealer labels at Dr.Web, K7 and Malwarebytes. The publisher, product and copyright strings naming OPSWAT, Inc. and “Aavid Sharepoint” are version-resource metadata that any PE author can set freely; they are not a code signature and do not make this a legitimate OPSWAT product. The file has been seen being downloaded from malwr.com.
Publisher:
OPSWAT, Inc.

Product:
Aavid Sharepoint

Description:
Winsock Nmu Lead Checkout Once

Version:
5.7.14.7

MD5:
e822c6c07d883d969e84045d2e99c4b2

SHA-1:
a4fbaa069000b97527769025f16714a526256dbd

SHA-256:
7547504400daedc6d5828d1778ca80d8e75afb3ae00e2302bbe8d31c48c78695

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/18/2024 9:34:20 AM UTC

Scan engine                      Detection                             Engine version
AhnLab V3 Security               Trojan/Win32.Moseran                  2015.11.11
Avira AntiVirus                  TR/Crypt.Xpack.315539                 8.3.2.2
Arcabit                          Trojan.Generic.D2BA1ED                1.0.0.593
avast!                           Win32:Malware-gen                     2014.9-151112
AVG                              Zbot                                  2016.0.2928
Baidu Antivirus                  Trojan.Win32.Fareit                   4.0.3.151112
Bitdefender                      Trojan.GenericKD.2859501              1.0.20.1580
Dr.Web                           Trojan.PWS.Stealer.4118               9.0.1.0316
Emsisoft Anti-Malware            Trojan.GenericKD.2859501              8.15.11.12.07
ESET NOD32                       Win32/PSW.Fareit                      9.12548
Fortinet FortiGate               PossibleThreat.P0                     11/12/2015
F-Secure                         Trojan.GenericKD.2859501              11.2015-12-11_5
G Data                           Trojan.GenericKD.2859501              15.11.25
IKARUS anti.virus                Trojan.Win32.PSW                      t3scan.1.9.5.0
K7 AntiVirus                     Password-Stealer                      13.212.17812
Kaspersky                        Trojan-PSW.Win32.Fareit               14.0.0.1134
Malwarebytes                     Trojan.PasswordStealer                v2015.11.12.07
McAfee                           GenericR-EZX!E822C6C07D88             5600.6584
Microsoft Security Essentials    PWS:Win32/Fareit                      1.1.12205.0
MicroWorld eScan                 Trojan.GenericKD.2859501              16.0.0.948
NANO AntiVirus                   Trojan.Win32.Stealer.dypedi           0.30.26.4437
nProtect                         Trojan.GenericKD.2859501              15.11.11.01
Panda Antivirus                  Generic Suspicious                    15.11.12.07
Qihoo 360 Security               Win32/Trojan.088                      1.0.0.1077
Rising Antivirus                 PE:Malware.Generic/QRS!1.9E2D [F]     23.00.65.151110
Sophos                           Troj/Fareit-TZ                        4.98
Trend Micro House Call           TSPY_ZBOT.YUYAKU                      7.2.316
Trend Micro                      TSPY_ZBOT.YUYAKU                      10.465.12
VIPRE Antivirus                  Trojan.Win32.Generic                  45154

File size:
177 KB (181,248 bytes)

Product version:
5.7.14.7

Copyright:
OPSWAT, Inc. Copyright © 2014 - . All rights reserved.

Trademarks:
OPSWAT, Inc. Copyright © 2014 - . All rights reserved.

Original file name:
Aavid Sharepoint.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
11/9/2015 5:52:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:4xb/AeFm7+TimmyYFB8Z3aayZFYt7ihmYOflHm7HJl4Ba:emm75dyzxFOflHm7pz

Entry address:
0x517B

Entry point:
E8, 38, 05, 00, 00, E9, 65, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 08, B2, 41, 00, 89, 0D, 04, B2, 41, 00, 89, 15, 00, B2, 41, 00, 89, 1D, FC, B1, 41, 00, 89, 35, F8, B1, 41, 00, 89, 3D, F4, B1, 41, 00, 66, 8C, 15, 20, B2, 41, 00, 66, 8C, 0D, 14, B2, 41, 00, 66, 8C, 1D, F0, B1, 41, 00, 66, 8C, 05, EC, B1, 41, 00, 66, 8C, 25, E8, B1, 41, 00, 66, 8C, 2D, E4, B1, 41, 00, 9C, 8F, 05, 18, B2, 41, 00, 8B, 45, 00, A3, 0C, B2, 41, 00, 8B, 45, 04, A3, 10, B2, 41, 00, 8D, 45, 08, A3, 1C, B2, 41...
 

Entropy:
6.9034

Code size:
34 KB (34,816 bytes)
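The PE metadata above (compile timestamp, OS version, subsystem, linker version, entry address, code size, entropy) can be re-derived from a file offline and compared with the published hashes. The script below is an added example for this page, not code from Reason Core Security or OPSWAT; it parses the DOS, COFF and PE32 optional headers with the Python standard library only, computes MD5/SHA-1/SHA-256 and Shannon entropy, and reports which indicators match. The `build_stub_pe()` helper produces a constructed, header-only PE for exercising the parser; it is not the malware sample. Hash and size matches identify this exact build, whereas the header fields alone only say "MSVC 9 Win32 GUI binary" and will match a great deal of benign software.

```python
"""Offline re-check of a Win32 PE against the indicators published above.

Added example for this page; not code from Reason Core Security or OPSWAT.
Standard library only: no pefile dependency.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the report. Hash/size matches identify this exact
# build; the header fields alone only say "MSVC 9 Win32 GUI binary".
REPORT_IOCS = {
    "md5": "e822c6c07d883d969e84045d2e99c4b2",
    "sha1": "a4fbaa069000b97527769025f16714a526256dbd",
    "sha256": "7547504400daedc6d5828d1778ca80d8e75afb3ae00e2302bbe8d31c48c78695",
    "size": 181248,
    "entry_rva": 0x517B,
    "linker": (9, 0),
    "os_version": (5, 0),
    "subsystem": 2,            # IMAGE_SUBSYSTEM_WINDOWS_GUI
    "code_size": 34816,
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform). The report's 6.9 is
    in the range typical of packed, compressed or encrypted payloads."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Read the DOS header, COFF file header and PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, _nsec, timestamp, _, _, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # COFF file header is 20 bytes
    magic, lnk_major, lnk_minor, code_size, _, _, entry_rva, _ = struct.unpack_from(
        "<HBBIIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images handled here")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "machine": machine,
        "timestamp": timestamp,
        "timestamp_utc": datetime.fromtimestamp(
            timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker": (lnk_major, lnk_minor),
        "os_version": (os_major, os_minor),
        "subsystem": subsystem,
        "entry_rva": entry_rva,
        "code_size": code_size,
    }


def check_indicators(data: bytes) -> dict:
    """Return {indicator: matched} for every entry in REPORT_IOCS."""
    pe = parse_pe(data)
    observed = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        **{k: pe[k] for k in ("entry_rva", "linker", "os_version",
                              "subsystem", "code_size")},
    }
    return {k: observed[k] == v for k, v in REPORT_IOCS.items()}


def build_stub_pe(timestamp: int, entry_rva: int, linker=(9, 0),
                  os_version=(5, 0), subsystem=2, code_size=34816) -> bytes:
    """CONSTRUCTED header-only PE32 for testing the parser; no sections, no code."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIIII", opt, 0, 0x10B, linker[0], linker[1],
                     code_size, 0, 0, entry_rva, 0x1000)
    struct.pack_into("<HH", opt, 40, *os_version)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:  # constructed stub carrying the report's header values
        data = build_stub_pe(1447048337, 0x517B)   # 2015-11-09 05:52:17 UTC
    pe = parse_pe(data)
    print(f"compiled {pe['timestamp_utc']} UTC, linker {pe['linker']}, "
          f"entry 0x{pe['entry_rva']:X}, entropy {shannon_entropy(data):.4f}")
    for name, hit in check_indicators(data).items():
        print(f"  {name:<10} {'MATCH' if hit else 'no'}")
```

Run it as `python3 pecheck.py suspect.exe` against a quarantined copy; with no argument it exercises the constructed stub, for which only the header-field indicators match and the hash, size and entropy values do not, which is exactly the weak-indicator situation a triage analyst should treat as inconclusive.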

The file pm2.exe has been seen being distributed by the following URL.

Remove pm2.exe - Powered by Reason Core Security