sv-f-g.exe

Wi© 2016..

The executable sv-f-g.exe has been detected as malware by 17 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key under the display name ‘Windows’. This backdoor trojan may be used to conduct distributed denial-of-service attacks or to install additional trojans or other forms of malicious software, and it can also steal your sensitive information.
Publisher:
Wi© 2016..

Product:
Wi© 2016..

Version:
1.3.3.3

MD5:
beae41a9f04570d611dbae6603d8c74b

SHA-1:
1d1e7d3abc8bb9c8dd2f2848cd65d56efb893949

SHA-256:
475afd54728874cdc1910b3fe6435a8e35b6b0f5d81f830668663aff4934271e

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
4/23/2024 8:51:43 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Symmi.69555 | -41
Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4
Arcabit | Trojan.Symmi.D10FB3 | 1.0.0.795
avast! | Win32:Malware-gen | 2014.9-170316
AVG | MSIL11 | 2018.0.2437
Bitdefender | Gen:Variant.Symmi.69555 | 1.0.20.375
Bkav FE | W32.eHeur.Virus02 | 1.3.0.8876
Emsisoft Anti-Malware | Gen:Variant.Symmi.69555 | 8.17.03.16.12
ESET NOD32 | MSIL/Injector.FQT (variant) | 11.15023
F-Secure | Gen:Variant.Symmi.69555 | 11.2017-16-03_5
G Data | Gen:Variant.Symmi.69555 | 17.3.25
Kaspersky | Trojan.Win32.Agent.nezcrn | 14.0.0.-1318
McAfee | Artemis!BEAE41A9F045 | 5600.6093
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.13504.0
MicroWorld eScan | Gen:Variant.Symmi.69555 | 18.0.0.225
Panda Antivirus | Trj/CI.A | 17.03.16.12
Qihoo 360 Security | HEUR/QVM18.1.0000.Malware.Gen | 1.0.0.1120

File size:
1.9 MB (1,971,712 bytes)

Product version:
1.3.3.3

Copyright:
Wi© 2016..

Original file name:
wrn.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\sv-f-g.exe

File PE Metadata
Compilation timestamp:
2/25/2017 2:13:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x2ED86

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 56, D6, 45, 00, C6, D8, 6E, AF, 7A, 3A, EE, 27, 66, B1, 92, D4, 8E, 57, B9, B5, 04, 5A, 39, C3, ED, B7, 05, 12, E1, D0, 16, 5A, EA, 39, 9C, 1D, 72, 1E, D1, B6, 7D, 4A, 13, CC, 17, B0, 81, 8F, D4, E0, 88, A6, 57, C5, A4, 5C, 51, 85, FE, 45, B8, 40, 5F, 5A, E3, 5D, 04, AC, 75, E7, 3B, 2A, 72, 67, A5, 61, 03, BF, 48, E1, C9, BA, 58, F0, 0D, 4F, 94, 8C, FC, CE, 15, 4A, 89, 14, B9, 98, 5E, 12, 48, 38, A0, 97, 60, 11...
 

Entropy:
7.9731

Developed / compiled with:
Microsoft Visual C++

Code size:
746 KB (763,904 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows

Command:
C:\ProgramData\services.exe

