skidware - do not use if you do not want to be vac banned.exe

{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

The executable skidware - do not use if you do not want to be vac banned.exe has been detected as malware by 32 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Windows Init’.
Publisher:

MD5:
83fbe2b64b98edf9c9484a5635ad970d

SHA-1:
9915f80a57836f19925e60efc7d5c77dd8b3eaf2

SHA-256:
fac275e5b0a5baff1c243c03c63043c4ab44c255c884a8c69cce6b04987aeaa6

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/25/2024 2:33:23 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11332223 | 219 |
| AegisLab AV Signature | Troj.W32.Generic!c | 2.1.4+ |
| Avira AntiVirus | TR/Dropper.MSIL.Gen | 8.3.3.4 |
| Arcabit | Trojan.Generic.DACEA7F | 1.0.0.669 |
| avast! | Win32:Malware-gen | 2014.9-160630 |
| AVG | Inject2 | 2017.0.2697 |
| Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.16630 |
| Bitdefender | Trojan.Generic.11332223 | 1.0.20.910 |
| Comodo Security | UnclassifiedMalware | 24774 |
| Dr.Web | BackDoor.Comet.884 | 9.0.1.0182 |
| Emsisoft Anti-Malware | Trojan.Generic.11332223 | 8.16.06.30.06 |
| ESET NOD32 | MSIL/Injector.DVN (variant) | 10.13315 |
| Fortinet FortiGate | MSIL/Injector.DVN!tr | 6/30/2016 |
| F-Secure | Trojan.Generic.11332223 | 11.2016-30-06_5 |
| G Data | Trojan.Generic.11332223 | 16.6.25 |
| IKARUS anti.virus | Backdoor.Win32.Fynloski | t3scan.2.0.9.0 |
| K7 AntiVirus | Trojan | 13.221.19266 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-21 |
| Malwarebytes | Backdoor.Agent.DC | v2016.06.30.06 |
| McAfee | RDN/Generic BackDoor!bdl | 5600.6353 |
| Microsoft Security Essentials | Backdoor:Win32/Fynloski.A | 1.1.12603.0 |
| MicroWorld eScan | Trojan.Generic.11332223 | 17.0.0.546 |
| NANO AntiVirus | Trojan.Win32.Comet.dkkxpg | 1.0.18.7201 |
| nProtect | Trojan.Generic.11332223 | 16.04.11.01 |
| Panda Antivirus | Trj/OCJ.F | 16.06.30.06 |
| Qihoo 360 Security | Win32/Trojan.30f | 1.0.0.1120 |
| Quick Heal | Trojan.Generic.r3 | 6.16.14.00 |
| Sophos | Mal/Cleaman-B | 4.98 |
| Trend Micro | TROJ_GEN.R0F0C0CBI16 | 10.465.30 |
| VIPRE Antivirus | Trojan.Win32.Generic | 48548 |
| ViRobot | Trojan.Win32.S.Agent.758304[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Injector.Win32.235677 | 2.0.0.2774 |

File size:
740.5 KB (758,304 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
{D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Valid from:
4/29/2014 5:09:56 PM

Valid to:
4/29/2015 11:09:56 PM

Subject:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Issuer:
CN={D1CDC79E-9E78-4A5F-9BCD-AB50983E68C7}

Serial number:
1E6CC65BB239DD99402691D1631F5B0C

File PE Metadata
Compilation timestamp:
5/25/2014 5:12:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:V0kLUeINb2dQx6D7oyHyQkTHcFVTvwpWq6bAAQ+t6tHIuL:fhCb2dvJkTHcFJttNuL

Entry address:
0x91FFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.6725

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
576.5 KB (590,336 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows Init

Command:
C:\users\{user}\appdata\local\frt1ok0q.i1m\wininit.exe