simplefirewall.exe

The executable simplefirewall.exe has been detected as malware by 10 anti-virus scanners.
MD5: c5a49e60aa59bbc758e9da9d39b9506d
SHA-1: f4a1bea95b5e3104328f830030d01e5889f113f5
SHA-256: c1567b59d66a63f6e6bb4092681bdf7b859cd862a02096ee950d4b4ebe83cb95
Scanner detections: 10 / 68
Status: Malware
Analysis date: 4/25/2024 4:00:01 AM UTC

Scan engine             Detection                   Engine version
Agnitum Outpost         Backdoor.Agent              7.1.1
Avira AntiVirus         BDS/Rogue.757528            7.11.132.236
avast!                  Win32:Malware-gen           2014.9-140901
AVG                     BackDoor.Generic_c          2015.0.3365
Bkav FE                 W32.Clodec0.Trojan          1.3.0.4924
Emsisoft Anti-Malware   Android.Trojan.Kmin         8.14.09.01.04
IKARUS anti.virus       Backdoor.Win32.SuspectCRC   t3scan.2.2.29
McAfee                  Artemis!C5A49E60AA59        5600.7021
Norman                  Suspicious_Gen2.VKZQO       11.20140901
VIPRE Antivirus         Trojan.Win32.Generic        26664

File size: 321 KB (328,704 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\local\temp\simplefirewall.exe

File PE Metadata
Compilation timestamp: 9/21/2007 9:00:33 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.0
CTPH (ssdeep): 6144:6o1/Il8qyfg7FRTLM2mx8fuXILgR7Lg32Q89xKy+xYFAmZRUqWu/Z:6o1/IuqznTIoun9LgmQEeRmIq
Entry address: 0xE4001
Entry point: 60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 40, 0E, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...

Entropy: 7.9502
Packer / compiler: ASPack v2.12
Code size: 692 KB (708,608 bytes)
