» QuickTitler.EXE
Overview
Analysis
File Details
Behaviors (1)

QuickTitler.EXE

EDIUS

Thomson Canopus Co., Ltd.

The executable QuickTitler.EXE has been detected as malware by 13 anti-virus scanners. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download.

File name:

QuickTitler.EXE

Publisher:

Thomson Canopus Co., Ltd.

Product:

EDIUS

Description:

Quick Titler

Version:

6, 0, 0, 11

MD5:

4a82db13ad58c30bc8aa69f87a869e6c

SHA-1:

435b43086638eebac5ec29b50fbdacd32e3cf25b

SHA-256:

67cea50fdd210e3872460da089ca11ffedae89233d1974c5579d245531ea8551

Scanner detections:

13 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/19/2024 1:36:08 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:SaliCode

160209-2

AVG

Win32/Sality

2015.0.4522

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

10.0.0.5366

ESET NOD32

Win32/Sality.NBA virus

7.0.302.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.15.21

Kaspersky

Virus.Win32.Sality

15.0.0.562

McAfee

Virus.W32/Sality.gen.z

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.213.6208.0

Norman

Win32.Sality.3

03.12.2014 13:20:04

Sophos

Virus 'Mal/Sality-D'

5.23

VIPRE Antivirus

Threat.4721115

47086

File size:

2.1 MB (2,236,416 bytes)

Product version:

6, 0, 0, 0

Trademarks:

EDIUS is a registered trademark of Thomson Canopus Co., Ltd.

Original file name:

QuickTitler.EXE

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\grass valley\edius 6\quicktitler.exe

File PE Metadata

Compilation timestamp:

10/8/2010 2:20:25 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:Ev44/m5kdO0w9tluH0QBPVhU7BWR8hXY:E9O5sDHhBPz8BY

Entry address:

0xE10D9

Entry point:

42, 40, 68, 7A, 77, 49, 00, 0F, AF, CD, BB, F5, 72, 5E, 8B, F6, C3, 85, 89, EF, 8A, DF, 85, FD, BF, F4, 42, 2F, 02, 2D, CF, 35, 00, 00, 21, FB, 05, 5B, 01, 00, 00, FF, C1, 87, C2, F3, 8D, 05, FE, E1, EF, B9, F7, C7, 46, B2, 2D, 7C, 80, EB, 96, 74, 02, 88, C8, E8, 0F, 00, 00, 00, 85, D6, 89, C1, 0F, AF, FD, F6, C7, 0A, 0F, B7, CF, 3B, F7, 86, F8, 89, EF, 84, E2, 85, D7, 85, F3, 86, D6, 33, EB, B9, AE, A1, 1A, 12, 84, E3, F7, C5, 4C, D5, 4B, 18, 59, 69, F8, 1B, A4, FF, 38, 86, D8, 69, F5, F1, 5B, 9D, BE, C7... 
[+]

Entropy:

6.5493

Code size:

1.4 MB (1,478,656 bytes)

Windows Firewall Allowed Program

Name:

c:\program files\grass valley\edius 6\QuickTitler.exe

Remove QuickTitler.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.