» Slimshady.exe
Overview
Analysis
File Details

Slimshady.exe

Produktionszeitraum

6 Wunderkinder GmbH

File name:

Slimshady.exe

Publisher:

Slimshady (signed by 6 Wunderkinder GmbH)

Product:

Produktionszeitraum

Description:

Slimshady

Version:

7.08

MD5:

7c2629a7eb32a0c5c36f890f13278917

SHA-1:

9d9c5664bb1a744155b37be4574f67a3753b0e1e

SHA-256:

bf4b21b5acada22bb7c41fd21b6400374bf661a30d03fc5a443b37244775283f

Scanner detections:

2 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/3/2024 7:14:40 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

160518-2

ESET NOD32

Win32/Injector.CTCS trojan

7.0.302.0

File size:

151.2 KB (154,784 bytes)

Product version:

7.08

Original file name:

Slimshady.exe

Common path:

C:\users\{user}\appdata\local\temp\9093.tmp

Digital Signature

Signed by:

6 Wunderkinder GmbH

Authority:

Symantec Corporation

Valid from:

1/8/2016 8:00:00 AM

Valid to:

2/7/2017 7:59:59 AM

Subject:

CN=6 Wunderkinder GmbH, O=6 Wunderkinder GmbH, L=Berlin, S=Berlin, C=DE

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

36C84D4A1289E42DE51C84FAD2683E03

File PE Metadata

Compilation timestamp:

2/25/2016 3:10:20 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:udLq11nKf/hm6fnClY4vqoVTQgyw/cFa/j:udLqLf6MrvtNyw/c

Entry address:

0x291C

Entry point:

68, 8C, 2A, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 75, 85, 6A, 27, 45, AD, 1A, 4A, AA, B9, F9, 46, F6, D2, 27, 99, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, F8, FE, 89, 03, 42, 75, 6E, 64, 65, 73, 6B, 61, 6D, 6D, 65, 72, 00, 08, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 03, 13, D9, CD, 8D, 71, 1C, 4B, 4E, AC, FE, C2, 45, 53, 87, EF, 4B, 11, 9E, CA, 4B, 41, 8B, F2, 4F, 9B, 71, 43, 81, 81, 33, 80, 61, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Entropy:

6.2829

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

124 KB (126,976 bytes)

Scan Slimshady.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.