px_update_v2.1.79.exe

equal max

The executable px_update_v2.1.79.exe has been detected as malware by 13 anti-virus scanners. The file is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.

Publisher:
equal max

Product:
equal max

Version:
9.1.9.27

MD5:
0d02ef0f9158f3969406b2b2046eeef9

SHA-1:
8621eaea3b66d27e19ec775029a066bfe6f3e8df

SHA-256:
6d1849e03b0253f0e1bfa1bee0a6cd36ac4fc83a8ed3a49a999557c190c14f1d

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 8:35:52 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:Kukacka | 160119-0 |
| AVG | Win32/Sality | 2015.0.4522 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 10.0.0.5366 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Secure | Win32.Sality.3 | 5.15.21 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Trojan.Artemis!758E17986548 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.5020.0 |
| Norman | Win32.Sality.3 | 11.01.2016 17:30:26 |
| Sophos | Virus 'Mal/Sality-D' | 5.22 |
| VIPRE Antivirus | Threat.4721115 | 46444 |

File size:
444.5 KB (455,168 bytes)

Product version:
9.1.9.27

Copyright:
Copyright (C) equal max

Original file name:
equal max

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\roaming\picexa viewer\update\px_update_v2.1.79.exe

File PE Metadata
Compilation timestamp:
12/24/2015 5:01:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:mSa2XLEjBRKz2pMbNh7LP0f7RbQSy8j6M29BMqmlzhc6xaXGiX2w:mH2AVRE2pOTojRxx6MIqqmlzC3XT

Entry address:
0x19876

Entry point:
60, 3B, F6, 74, 0B, 69, D7, A9, 1E, CC, 96, 85, D5, 0F, BB, C3, 0F, AC, F6, E6, F6, C3, D0, 0F, AD, D1, D0, DE, FE, CD, 69, ED, 6F, C2, E4, 1A, F6, DD, 0F, B3, F6, D1, D3, 1B, F7, 68, 29, E7, B9, 00, 40, C1, EF, AF, E8, 00, 00, 00, 00, 2C, FC, F3, 0F, AF, F7, 69, FD, D2, C3, A6, A6, 86, DE, B2, 81, F7, DB, F3, 0F, AF, E9, 68, 71, 0C, 00, 00, 69, EF, F5, D1, 60, D4, 2D, E5, 73, 54, F9, 5E, 3B, E9, 0F, BA, E5, FD, C0, D8, E4, 81, EE, B1, 00, 00, 00, 1B, DA, 0F, BA, F8, 97, FE, C8, 8D, 0E, F6, DE, 0F, AF, DA...
Entropy:
6.1446

Code size:
193.5 KB (198,144 bytes)
