Shamushti.exe

Fixpacks

Foolish IT LLC

The file Shamushti.exe has been detected as malware by 27 anti-virus scanners.
Publisher:
Vecuria   (signed by Foolish IT LLC)

Product:
Fixpacks

Description:
Nephtoah

Version:
1.00

MD5:
1d97b8ea35a290efd3db7d78bb66d7f0

SHA-1:
8771a67c9804b8ca904821253b42e214fb48be7d

SHA-256:
cf63c5b1b9b4f2c97de6a7bf00375906afcd9c601243d583b735aa8fdf3d80a3

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/18/2024 3:05:15 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Jaik.9803 | 391 |
| Agnitum Outpost | Trojan.VBKryjetor | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.VB | 2015.12.26 |
| Avira AntiVirus | TR/Dropper.VB.4926 | 8.3.2.4 |
| Arcabit | Trojan.Jaik.D264B | 1.0.0.637 |
| avast! | Win32:Malware-gen | 2014.9-160110 |
| AVG | Generic_vb | 2017.0.2869 |
| Baidu Antivirus | Trojan.Win32.Neurevt | 4.0.3.16110 |
| Bitdefender | Gen:Variant.Jaik.9803 | 1.0.20.50 |
| Bkav FE | W32.SonbraimLTB.Trojan | 1.3.0.7400 |
| Emsisoft Anti-Malware | Gen:Variant.Jaik.9803 | 8.16.01.10.11 |
| ESET NOD32 | Win32/Neurevt | 10.12776 |
| Fortinet FortiGate | W32/Neurevt.I!tr | 1/10/2016 |
| F-Secure | Gen:Variant.Jaik.9803 | 11.2016-10-01_1 |
| G Data | Gen:Variant.Jaik.9803 | 16.1.25 |
| IKARUS anti.virus | Trojan.Win32.Neurevt | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18232 |
| Kaspersky | Trojan.Win32.VBKryjetor | 14.0.0.838 |
| McAfee | RDN/Generic.dx | 5600.6525 |
| Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Jaik.9803 | 17.0.0.30 |
| NANO AntiVirus | Trojan.Win32.Neurevt.dzjips | 1.0.14.5317 |
| Panda Antivirus | Trj/CI.A | 16.01.10.11 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16108 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R021C0DLL15 | 10.465.10 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46074 |

File size:
315.1 KB (322,704 bytes)

Product version:
1.00

Original file name:
Shamushti.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\cb53.tmp

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
5/10/2014 1:38:40 PM

Valid to:
5/10/2016 9:34:08 AM

Subject:
E=foolishtech@foolishit.com, CN=Foolish IT LLC, O=Foolish IT LLC, L=Manteo, S=North Carolina, C=US, Description=D9J0KaT9DvjE2CWD

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0E63

File PE Metadata
Compilation timestamp:
12/17/2015 7:48:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:RvFgMDqXnrynaZjM/uy0KeX6GWZJ38joFabfFtlharLmQIVlmok2K0H2Q0iYnuKJ:zjuXnWcryAhEJ3oYGfF/ILmQjbu8uK24

Entry address:
0x117C

Entry point:
68, 34, 12, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, F0, C2, 80, 78, 98, C6, 15, 48, 87, 72, A4, 38, 7E, A3, 1E, 7E, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, C8, 18, 03, 02, 46, 65, 72, 69, 6E, 65, 6C, 79, 32, 00, 41, 00, 20, 08, 41, 00, 00, 00, 00, 00, 07, 00, 00, 00, D4, 4B, 40, 00, 07, 00, 00, 00, 74, 4B, 40, 00, 07, 00, 00, 00, 18, 4B, 40, 00, 07, 00, 00, 00, C0, 4A, 40, 00, 01, 00, 0F, 00, 94, 3F, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF...
 

Entropy:
7.4362

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
296 KB (303,104 bytes)
