s7i15cwoi.exe

Undetached2

EVGA

The executable s7i15cwoi.exe has been detected as malware by 27 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MSConfig Extended 2.0’.
Publisher:
Vecuria   (signed by EVGA)

Product:
Undetached2

Description:
Ethanethiol0

Version:
1.00

MD5:
3f498bac8d4ba43c808a0f3b71e4d476

SHA-1:
fdf19fe9195e75466dace89270ff7ab0a302b180

SHA-256:
d0033ab22467efa5f5bf8781e7a195a56ac5a8ef58f66fadbcac5b7f0ab1b4e7

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/19/2024 1:27:29 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Jaik.9827 | 391 |
| Agnitum Outpost | Trojan.Droma | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.VB | 2015.12.28 |
| Avira AntiVirus | TR/Dropper.VB.44386 | 8.3.2.4 |
| Arcabit | Trojan.Jaik.D2663 | 1.0.0.637 |
| avast! | Win32:Malware-gen | 2014.9-160110 |
| AVG | Inject3 | 2017.0.2869 |
| Baidu Antivirus | Trojan.Win32.Neurevt | 4.0.3.16110 |
| Bitdefender | Gen:Variant.Jaik.9827 | 1.0.20.50 |
| Bkav FE | W32.DropperNeurevtAO.Trojan | 1.3.0.7400 |
| Emsisoft Anti-Malware | Gen:Variant.Jaik.9827 | 8.16.01.10.11 |
| ESET NOD32 | Win32/Neurevt | 10.12782 |
| Fortinet FortiGate | W32/Droma.I!tr | 1/10/2016 |
| F-Secure | Gen:Variant.Jaik.9827 | 11.2016-10-01_1 |
| G Data | Gen:Variant.Jaik.9827 | 16.1.25 |
| IKARUS anti.virus | Trojan.Win32.Neurevt | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18233 |
| Kaspersky | Trojan.Win32.Droma | 14.0.0.838 |
| Malwarebytes | Trojan.Dropper | v2016.01.10.11 |
| McAfee | RDN/Generic.dx | 5600.6525 |
| MicroWorld eScan | Gen:Variant.Jaik.9827 | 17.0.0.30 |
| NANO AntiVirus | Trojan.Win32.Neurevt.dziwmu | 1.0.14.5317 |
| Panda Antivirus | Generic Suspicious | 16.01.10.11 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16108 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R092C0PLO15 | 10.465.10 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46110 |

File size:
312.8 KB (320,328 bytes)

Product version:
1.00

Original file name:
Yodchai7.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\msconfig extended 2.0\s7i15cwoi.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/29/2012 7:00:00 AM

Valid to:
4/16/2014 6:59:59 AM

Subject:
CN=EVGA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=EVGA, L=Brea, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
26D7F5563EB3E42A81F7C715FCD2799D

File PE Metadata
Compilation timestamp:
12/20/2015 7:45:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:W+gQkraeK8K0kvd4b2nzkKMCgohhyxgczJQpQ:yrp40kNzRN5hySl2

Entry address:
0x1184

Entry point:
68, 34, 12, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, F3, 92, C2, D2, 0C, 64, C3, 44, 8A, 56, 0C, 1D, 88, 2D, 8E, 55, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 53, 6F, 66, 74, 65, 73, 74, 00, 00, 00, 00, 00, 07, 00, 00, 00, D8, 4C, 40, 00, 07, 00, 00, 00, 7C, 4C, 40, 00, 07, 00, 00, 00, 24, 4C, 40, 00, 07, 00, 00, 00, C4, 4B, 40, 00, 01, 00, 0F, 00, 9C, 40, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00...
 

Entropy:
7.4617

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
292 KB (299,008 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MSConfig Extended 2.0

Command:
"C:\ProgramData\msconfig extended 2.0\s7i15cwoi.exe"

