runer.exe

Cong ty dau tu va phat trien cong nghe thong tin

The application runer.exe by Cong ty dau tu va phat trien cong nghe thong tin has been detected as a potentially unwanted program by 9 anti-malware scanners.
Publisher:
Cong ty dau tu va phat trien cong nghe thong tin

MD5:
5d0b2a5032d58d36e8f91e2b4c99a740

SHA-1:
bf0e8817147edae8850261023454813c2622b4b0

SHA-256:
98fe92af86a55506ef6150cdf6e8b2e48c3771ee309aa7281a02b80f753dcbc7

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
5/9/2024 5:34:23 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.2079493 | 6447722 |
| Agnitum Outpost | Packed/PECompact | 7.1.1 |
| Bitdefender | Trojan.GenericKD.2079493 | 1.0.20.130 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2079493 | 9.0.0.4799 |
| F-Secure | Trojan.GenericKD.2079493 | 5.13.68 |
| G Data | Trojan.GenericKD.2079493 | 15.1.25 |
| MicroWorld eScan | Trojan.GenericKD.2079493 | 16.0.0.78 |
| nProtect | Trojan.GenericKD.2079493 | 15.01.26.01 |

File size:
157.3 KB (161,096 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\vtcgame\dot kich\runer.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/30/2013 7:00:00 AM

Valid to:
8/26/2015 6:59:59 AM

Subject:
CN=Cong ty dau tu va phat trien cong nghe thong tin, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Cong ty dau tu va phat trien cong nghe thong tin, L=Hanoi, S=Hanoi, C=VN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F318FA88A92CCE830CC187023EC0B36

File PE Metadata
Compilation timestamp:
12/5/2014 9:45:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:gxfzbJtonUjURr3/sJCdQpa7NsQs/ufZHkuxAwO6jt:sfzN4UjUR7/3dQpa7NJZkuca

Entry address:
0x1EE8D

Entry point:
B8, 6C, C7, 45, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 2D, 79, 5C, A3, 6F, 29, 86, 36, 58, 66, 32, C7, A7, 64, 9D, 4D, CE, F2, 2C, 9B, 6A, 61, 64, 12, 06, DC, 93, 4E, 62, 2C, C2, 4B, 2B, 7B, B9, 2E, F0, 6C, 63, E3, 3A, 63, 60, 2C, B1, 75, 93, 77, 4B, E3, 61, E8, 78, 81, 43, F5, CF, CB, AA, 64, 5F, E6, 5C, 42, 10, D5, F5, 2A, 49, F7, 83, 09, BF, 7F, CB, DA, FD, 7B, FF, 45, 13, F7, 95, 04, 37, 4A, CD, E6, 3B, F6, 97, 1F, 8C...
 

Entropy:
7.8985

Packer / compiler:
PECompact v2

Code size:
224 KB (229,376 bytes)
