runads.exe

Project1

The executable runads.exe has been detected as malware by 30 anti-virus scanners.
Product: Project1
Version: 1.00
MD5: f6881d7a661725409dfc5197ad455cb6
SHA-1: 917d00f5d08ea4a43bccc45e6acda1f1387feb75
SHA-256: 0c1a7fa0607f40445a6f221544020ebc1ee6f6410739b94d29fa27a9cb78c104
Scanner detections: 30 / 68
Status: Malware
Analysis date: 4/26/2024 11:51:49 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Trojan.Heur.VP2.cm0@a8p3cVki | 838
Agnitum Outpost | Trojan.VB | 7.1.1
Avira AntiVirus | TR/Dropper.Gen | 7.11.179.120
avast! | Win32:Malware-gen | 2014.9-141019
AVG | VB2 | 2015.0.3316
Baidu Antivirus | Trojan.Win32.VB | 4.0.3.141019
Bitdefender | Gen:Trojan.Heur.VP2.cm0@a8p3cVki | 1.0.20.1460
Comodo Security | TrojWare.Win32.Injector.KRTE | 19846
Emsisoft Anti-Malware | Gen:Trojan.Heur.VP2.cm0@a8p3cVki | 8.14.10.19.09
ESET NOD32 | Win32/VB.RRS | 8.10585
Fortinet FortiGate | W32/VB.RRS!tr | 10/19/2014
F-Secure | Gen:Trojan.Heur.VP2.cm0@a8p3cVki | 11.2014-19-10_1
G Data | Gen:Trojan.Heur.VP2.cm0@a8p3cVki | 14.10.24
IKARUS anti.virus | Trojan.Win32.VB | t3scan.1.7.8.0
K7 AntiVirus | P2PWorm | 13.184.13727
Kaspersky | Trojan-Clicker.Win32.VB | 14.0.0.2822
McAfee | Artemis!F6881D7A6617 | 5600.6972
MicroWorld eScan | Gen:Trojan.Heur.VP2.cm0@a8p3cVki | 15.0.0.876
NANO AntiVirus | Trojan.Win32.VB.dgigqt | 0.28.2.62671
Norman | Troj_Generic.WJDRJ | 11.20141019
Panda Antivirus | Trj/Chgt.G | 14.12.09.04
Qihoo 360 Security | Win32/Trojan.Clicker.ec7 | 1.0.0.1015
Quick Heal | (Suspicious) - DNAScan | 10.14.14.00
Reason Heuristics | Threat.Win.Reputation.IMP | 14.12.9.16
Rising Antivirus | PE:Trojan.Win32.Generic.1763A754!392406868 | 23.00.65.141017
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R011H09J714 | 7.2.292
Trend Micro | TROJ_GEN.R0CCC0EIT14 | 10.465.09
Vba32 AntiVirus | TrojanClicker.VB | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 34060

File size: 32 KB (32,768 bytes)
Product version: 1.00
Original file name: runads.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\windows\syswow64\runads.exe

File PE Metadata

Compilation timestamp: 10/5/2014 12:13:51 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 384:6dFBxGjQVOrlJizwjHiFghM0oD94/R6zOr9BxGjQ:6XyQ6djoghM1y/pXyQ
Entry address: 0x1388
Entry point: 68, D0, 25, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 1B, D1, 87, 0C, 39, CB, 9F, 4A, 93, A8, 35, 1A, EC, F0, 2D, F7, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 01, CE, 6A, 80, FF, B0, CF, B0, 4E, 8B, 60, A8, 9B, B8, 53, CE, 38, D0, AC, E7, 58, 74, CF, C4, 4B, 85, B0, BF, 80, A9, 24, FB, 46, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
Entropy: 4.4047
Developed / compiled with: Microsoft Visual Basic v5.0
Code size: 16 KB (16,384 bytes)
