{blocked}.exe

The executable {blocked}.exe has been detected as malware by 12 anti-virus scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal your sensitive information.
MD5:
841a2ce138edf54057ca52a298ee10f3

SHA-1:
65c331b42a220528c1813937057e2458e3d1b39c

SHA-256:
4ef737276f7d1eda1fd48d20e10d47b294b4224d5ce2c4d93ddf9349c1772ab6

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/26/2024 4:39:12 PM UTC

Scan engine                    Detection                    Engine version
AhnLab V3 Security             Trojan/Win32.Generic         2014.07.26
Avira AntiVirus                TR/ATRAPS.Gen                7.11.163.240
Dr.Web                         Trojan.PackedENT.24715       9.0.1.0206
ESET NOD32                     MSIL/Bladabindi (variant)    8.10152
F-Prot                         W32/Zusy.Q.gen               v6.4.7.1.166
Kaspersky                      HEUR:Trojan.Win32.Generic    14.0.0.3507
Malwarebytes                   Trojan.Facebook              v2014.07.25.12
Microsoft Security Essentials  Backdoor:MSIL/Bladabindi.AJ  1.10802
Norman                         Inject.AXDS                  11.20140725
Rising Antivirus               PE:Trojan.Injector!6.50      23.00.65.14723
Sophos                         Mal/Generic-S                4.98
SUPERAntiSpyware               Trojan.Agent/Gen-Zusy        10462

File size:
189.5 KB (194,048 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
7/24/2014 3:55:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:0RHEC2Oi8NXC797F8TBfFvj4bq57cicSX8GT5kyQZp0VXT/TBJo+EzWF:0+C2F8NXC796TB9vj48x8sK+XTh6WF

Entry address:
0xFFEF

Entry point:
E8, 12, 5B, 00, 00, E9, A4, FE, FF, FF, 6A, 0C, 68, 38, 11, 42, 00, E8, 67, 0D, 00, 00, 6A, 0E, E8, 68, 02, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, F4, 37, 42, 00, BA, F0, 37, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, D9, E7, FF, FF, 59, FF, 76, 04, E8, D0, E7, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 56, 0D, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 33, 01, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...
 

Entropy:
7.2066

Code size:
102 KB (104,448 bytes)
