» qjlh7y.cpp
Overview
Analysis
File Details

qjlh7y.cpp

Операционная система Microsoft Windows Whistler 2000

Корпорация Майкрософт

The file qjlh7y.cpp, “Removable Storage UI Layer” has been detected as malware by 16 anti-virus scanners.

File name:

qjlh7y.cpp

Publisher:

Корпорация Майкрософт

Product:

Операционная система Microsoft (R) Windows Whistler(R) 2000

Description:

Removable Storage UI Layer

Version:

5.1.2400.1

MD5:

db0f91b47f7ea11be08fc29faf692638

SHA-1:

075a8daf98716a1bf42ce17ecf53ea76e996e3fb

SHA-256:

1c2da387fc8bdf1065ef5260a753850599fe41242e15a89c11389ec31f1936c2

Scanner detections:

16 / 68

Status:

Malware

Analysis date:

4/19/2024 11:38:51 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.366549

1018

AVG

Win32/Cryptor

2015.0.3496

Bitdefender

Gen:Variant.Kazy.366549

1.0.20.565

Emsisoft Anti-Malware

Gen:Variant.Kazy.366549

8.14.04.23.06

ESET NOD32

Win32/Kryptik.BZWF (variant)

8.9709

F-Secure

Gen:Variant.Kazy.366549

11.2014-23-04_4

G Data

Gen:Variant.Kazy.366549

14.4.24

IKARUS anti.virus

Virus.Win32.Cryptor

t3scan.1.6.1.0

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.3974

Malwarebytes

Trojan.FakeMS

v2014.04.23.06

Microsoft Security Essentials

VirTool:Win32/Obfuscator.ADB

1.10502

MicroWorld eScan

Gen:Variant.Kazy.366549

15.0.0.339

Norman

Kryptik.CDJO

11.20140423

Panda Antivirus

Suspicious file

14.04.23.06

Qihoo 360 Security

Malware.QVM40.Gen

1.0.0.1015

Sophos

Mal/Ransom-CL

4.98

File size:

188 KB (192,512 bytes)

Product version:

5.1.2400.1

Original file name:

rsmui.exe

Common path:

C:\ProgramData\2992199f9a\qjlh7y.cpp

File PE Metadata

Compilation timestamp:

4/15/2014 6:23:33 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

CTPH (ssdeep):

3072:Y856noXtTwd1vFN3d4QzXqXNaH8Lj57BA:Y8n90D3d4QzXmNQUjB

Entry address:

0x5410

Entry point:

55, 89, E5, 83, EC, 24, C7, 45, F8, 00, 00, 00, 00, 8B, 45, 08, 89, 45, EC, 8B, 45, 0C, 89, 45, E8, 8B, 45, 10, 89, 45, F4, E8, 2C, FE, FF, FF, 89, 45, F0, 8B, 45, EC, A3, 94, 81, 02, 0B, 8D, 45, 04, A3, 90, 81, 02, 0B, C7, 05, 98, 81, 02, 0B, 10, 54, 00, 0B, C6, 45, E3, B6, 8B, 45, 00, A3, 8C, 81, 02, 0B, 89, 1D, 88, 81, 02, 0B, 89, 3D, 84, 81, 02, 0B, 89, 35, 80, 81, 02, 0B, C7, 04, 24, 00, 00, 00, 00, E8, 65, FF, FF, FF, 31, C0, 83, C4, 24, 5D, C2, 0C, 00, CC, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

4.8944

Code size:

80 KB (81,920 bytes)

Remove qjlh7y.cpp - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.