home

runasuser.exe

The executable runasuser.exe has been detected as malware by 3 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CafeUpdateWipeVolume’.
MD5:
c55e1099ab9037da73d895a9b46dfd15

SHA-1:
0bacf63c8f410eba8933b8db0d6c48c29f85f3c7

SHA-256:
66718a64ec589aa853291e514fad9dfb4862941893d21b7a0f439f48834bfd53

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
4/28/2024 11:43:15 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Inject1.28681
9.0.1.05190

F-Prot
W32/Renamer.A.gen
4.6.5.141

F-Secure
Worm.Generic.377772
5.16.24

File size:
525.5 KB (538,112 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
7/22/1995 4:01:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x72814

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, 14, 0E, 47, 00, E8, 43, 4A, F9, FF, 8B, 1D, 30, 53, 47, 00, 8B, 03, E8, 06, 60, FE, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, B2, 01, E8, 3B, 7D, FE, FF, 8B, 0D, 5C, 52, 47, 00, 8B, 03, 8B, 15, E0, 0A, 47, 00, E8, FC, 5F, FE, FF, 8B, 0D, 68, 53, 47, 00, 8B, 03, 8B, 15, 90, 05, 47, 00, E8, E9, 5F, FE, FF, 8B, 03, E8, 62, 60, FE, FF, 5B, E8, C0, 28, F9, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
451 KB (461,824 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CafeUpdateWipeVolume

Command:
C:\cyberindoclient\wipevolume.exe


Remove runasuser.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.