» teamspeak 3 wizard.exe
Overview
Analysis
File Details

teamspeak 3 wizard.exe

Remote Service Application

Microsoft Corp.

The executable teamspeak 3 wizard.exe has been detected as malware by 39 anti-virus scanners.

File name:

Publisher:

Microsoft Corp.

Product:

Remote Service Application

Version:

1, 0, 0, 1

MD5:

e479c55faecf4c407cbce453a4f5c26a

SHA-1:

e846d49fcdbf16561d6aeb44ce0157988f977bab

SHA-256:

365c9e9add433964a72fa6050b10b7a0efc437ec8d780537e4ae719f943cc54a

Scanner detections:

39 / 68

Status:

Malware

Analysis date:

4/19/2024 6:58:28 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Inject.AUZ

6586311

Agnitum Outpost

Trojan.Comet.Gen.LO

7.1.1

AhnLab V3 Security

Trojan/Win32.DelfInject

2015.02.28

Avira AntiVirus

BDS/DarkKomet.GR

7.11.212.228

avast!

Win32:Agent-ASXK [Trj]

2014.9-150227

AVG

BackDoor.Generic16

2016.0.3185

Bitdefender

Trojan.Inject.AUZ

1.0.20.290

Bkav FE

W32.OnGamesLTKVPOK.Trojan

1.3.0.6379

Clam AntiVirus

WIN.Trojan.DarkKomet

0.98/20120

Comodo Security

Backdoor.Win32.Agent.XAB

21233

Dr.Web

BackDoor.Comet.2020

9.0.1.05190

Emsisoft Anti-Malware

Trojan.Inject.AUZ

9.0.0.4799

ESET NOD32

Win32/Fynloski.AA trojan

7.0.302.0

Fortinet FortiGate

W32/DarkKomet.ID!tr.bdr

2/27/2015

F-Prot

W32/Downloader.C.gen

4.6.5.141

F-Secure

Trojan.Inject.AUZ

5.13.68

G Data

Trojan.Inject.AUZ

15.2.25

IKARUS anti.virus

Backdoor.Win32.DarkKomet

t3scan.1.8.6.0

K7 AntiVirus

Backdoor

13.1915113

Kaspersky

Backdoor.Win32.DarkKomet

15.0.0.543

Malwarebytes

Backdoor.Agent.DCRSAGen

v2015.02.27.09

McAfee

Trojan.Generic BackDoor.xa

16.8.708.2

Microsoft Security Essentials

Threat.Undefined

1.193.1194.0

MicroWorld eScan

Trojan.Inject.AUZ

16.0.0.174

NANO AntiVirus

Trojan.Win32.DarkKomet.cssoim

0.30.0.296

Norman

Backdoor.Fynloski.C

02.01.2015 13:58:24

nProtect

Trojan.Inject.AUZ

15.02.27.01

Panda Antivirus

Trj/Packed.B

15.02.27.09

Quick Heal

Backdoor.Fynloski.A9

2.15.14.00

Reason Heuristics

Threat.Win.Reputation.IMP

15.2.27.20

Rising Antivirus

PE:Backdoor.Pontoeb!1.6637

23.00.65.15225

Sophos

Virus 'Troj/Backdr-ID'

5.11

Total Defense

Win32/Fynloski.A!generic

37.0.11467

Trend Micro House Call

BKDR_FYNLOS.SMM

7.2.58

Trend Micro

BKDR_FYNLOS.SMM

10.465.27

Vba32 AntiVirus

Backdoor.DarkKomet

3.12.26.3

VIPRE Antivirus

Threat.4733922

37788

ViRobot

Backdoor.Win32.Agent.674304.A[h]

2014.3.20.0

Zillya! Antivirus

Trojan.Fynloski.Win32.3190

2.0.0.2084

File size:

833.5 KB (853,504 bytes)

Product version:

4, 0, 0, 0

Original file name:

MSRSAAP.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

6/7/2012 9:59:53 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:/9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hHJ:pZ1xuVVjfFoynPaVBUR8f+kN10EB7

Entry address:

0x8F888

Entry point:

55, 8B, EC, B9, 30, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, E0, E3, 48, 00, E8, 2F, 7E, F7, FF, 33, C0, 55, 68, 56, 06, 49, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, 2A, 07, F8, FF, A1, B0, 48, 49, 00, C6, 00, 01, E8, 21, B7, FF, FF, B2, 01, A1, 80, DE, 48, 00, E8, 19, E6, FF, FF, A3, E8, C3, 49, 00, 33, D2, 55, 68, 09, FA, 48, 00, 64, FF, 32, 64, 89, 22, 8D, 4D, EC, BA, 70, 06, 49, 00, A1, E8, C3, 49, 00, E8, 68, E6, FF, FF, 8B, 55, EC, A1, 38, 4B, 49, 00, E8, 7F, 5C, F7, FF, 8D, 55, E0... 
[+]

Entropy:

6.3246

Developed / compiled with:

Microsoft Visual C++

Code size:

573 KB (586,752 bytes)

Remove teamspeak 3 wizard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.