steam.exe

Thunderbird

OpenVPN Solutions LLC

The executable steam.exe has been detected as malware by 14 anti-virus scanners. This is the uninstaller utility registered in the Windows Control Panel for the program Dota 2 Workshop Tools Alpha.
Publisher:
Mozilla Corporation  (signed by OpenVPN Solutions LLC)

Product:
Thunderbird

Version:
31.4.0

MD5:
0af0a3a3cd1c81622d0489413c2d88fa

SHA-1:
dd56358fae1b7c82c4f1d81fde0104b4f4a09957

SHA-256:
72b1d359f49eaf3f2092c4ef9e39069d3a67350ea9de03966c07c78d57d5646c

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/18/2024 11:43:43 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2184884 | 136
Avira AntiVirus | TR/Dropper.MSIL.125508 | 7.11.212.140
avast! | Win32:Malware-gen | 2014.9-160921
AVG | MSIL7 | 2017.0.2614
Baidu Antivirus | Trojan.MSIL.Injector | 4.0.3.16921
Bitdefender | Trojan.GenericKD.2184884 | 1.0.20.1325
Emsisoft Anti-Malware | Trojan.MSIL.Injector | 8.16.09.21.12
ESET NOD32 | MSIL/Injector.ICC (variant) | 10.11235
Fortinet FortiGate | MSIL/Injector.IBG!tr | 9/21/2016
F-Secure | Trojan.GenericKD.2184884 | 11.2016-21-09_4
G Data | Trojan.GenericKD.2184884 | 16.9.25
Malwarebytes | Spyware.Password | v2016.09.21.12
MicroWorld eScan | Trojan.GenericKD.2184884 | 17.0.0.795
Trend Micro House Call | Suspicious_GEN.F47V0224 | 7.2.265

File size:
749.3 KB (767,240 bytes)

Product version:
31.4.0

Copyright:
©Thunderbird and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.

Trademarks:
Thunderbird is a Trademark of The Mozilla Foundation.

Original file name:
thunderbird.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\steam\steam.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/28/2006 8:00:00 AM

Valid to:
4/28/2008 7:59:59 AM

Subject:
CN=OpenVPN Solutions LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OpenVPN Solutions LLC, L=Boulder, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
53B4A29158CE98EFA214768FC04600EE

File PE Metadata
Compilation timestamp:
2/23/2015 8:06:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:naza2CQvf/SANCeSr4tfu6LtlXyAxs7h/9dp4Ro4uBoSkObdHGy3q3YNbO1yrQKy:nSa2SAjSr4hu6B5ts7t+Ro73pVzb2D

Entry address:
0x7643E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.9413

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
468 KB (479,232 bytes)

Program Uninstaller
Program name:
Dota 2 Workshop Tools Alpha

Uninstall string:
"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/316570

