system32.exe

Folder View

The executable system32.exe has been detected as malware by 5 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘System32’.
Product:
Folder View

Version:
7.00

MD5:
40c4d27ff58584047cf425420d556a99

SHA-1:
0a19b0336ac1b089187f02d35b9016f9b70992f8

SHA-256:
26673cee74fe6fa0062935d8225e9929636c2e38a9fed9bb395e669dc0565094

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/19/2024 9:34:13 AM UTC

Scan engine     Detection                      Engine version
avast!          Win32:Trojan-gen               160917-0
AVG             Worm/Generic3.XIL              2013.0.4756
Clam AntiVirus  Win.Trojan.Agent-1366500       0.98/23207
Dr.Web          Win32.HLLW.Autoruner2.15607    9.0.1.05190
ESET NOD32      Win32/AutoRun.VB.BFC worm      6.3.12010.0

File size:
504.2 KB (516,258 bytes)

Product version:
7.00

Original file name:
IDvDFolderView 2012-09-09.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\farrukh umar\system32.exe

File PE Metadata
Compilation timestamp:
5/21/2008 6:17:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1A90

Entry point:
68, 1C, 1D, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 38, 00, 00, 00, E6, DA, 73, A2, 94, 36, BB, 44, AC, 9B, 70, 95, 52, 35, 2F, CD, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 22, 0D, 0A, 20, 20, 20, 46, 6F, 6C, 64, 65, 72, 00, 65, 49, 44, 76, 44, 20, 53, 6F, 66, 74, 77, 61, 72, 65, 00, 37, 35, 00, 00, 00, 00, FF, CC, 31, 00, 07, B6, 89, 61, A6, 19, 8C, 26, 48, 82, 9E, B7, 49, 45, E2, 4A, 7D, C5, ED, DF, 4F, F1, AF, D4, 43, 81, DA, 4D, 03, A1, B3, BC, 2A, 3A, 4F, AD...
 

Entropy:
6.0150

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
80 KB (81,920 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
System32

Command:
C:\users\farrukh umar\system32.exe

