testmem.exe

The executable testmem.exe has been detected as malware by 27 anti-virus scanners.
MD5:
5c0c7d075eb025723ae6eeab20cde02c

SHA-1:
80059046916e0d8020319c8a456ced472a8058f6

SHA-256:
4762a221e2a0404a99f89682d46ec291f4ef0da48156fe4e0a101f2fe39d91e8

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/20/2024 3:29:06 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Agent.BHLU | 738 |
| Avira AntiVirus | TR/Crypt.Xpack.137041 | 7.11.205.178 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150128 |
| AVG | Zbot | 2016.0.3216 |
| Baidu Antivirus | Trojan.Win32.Waski | 4.0.3.15128 |
| Bitdefender | Trojan.Agent.BHLU | 1.0.20.140 |
| Dr.Web | Trojan.DownLoader12.14015 | 9.0.1.028 |
| Emsisoft Anti-Malware | Trojan-Downloader.Win32.Agent | 8.15.01.28.11 |
| ESET NOD32 | Win32/TrojanDownloader.Waski | 9.11085 |
| Fortinet FortiGate | W32/Upatre.HN!tr | 1/28/2015 |
| F-Prot | W32/Trojan3.NJS | v6.4.7.1.166 |
| F-Secure | Trojan.Agent.BHLU | 11.2015-28-01_4 |
| G Data | Trojan.Agent.BHLU | 15.1.25 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Upatre | t3scan.1.8.6.0 |
| Kaspersky | Trojan.Win32.Staser | 14.0.0.2573 |
| Malwarebytes | Trojan.Email.FakeDoc | v2015.01.28.11 |
| McAfee | Upatre-FAAJ!5C0C7D075EB0 | 5600.6872 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Upatre | 1.1.11302.0 |
| MicroWorld eScan | Trojan.Agent.BHLU | 16.0.0.84 |
| Norman | Upatre.FN | 11.20150128 |
| nProtect | Trojan/W32.Staser.45056.I | 15.01.28.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.01.28.11 |
| Quick Heal | (Suspicious) - DNAScan | 1.15.14.00 |
| Sophos | Troj/Upatre-HN | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0127 | 7.2.28 |
| Trend Micro | TROJ_UPATRE.SMNC | 10.465.28 |
| VIPRE Antivirus | Win32.Malware!Drop | 37038 |

File size:
44 KB (45,056 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\testmem.exe

File PE Metadata
Compilation timestamp:
11/2/2014 12:52:46 PM

OS version:
4.20

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.28

CTPH (ssdeep):
384:A4CCmbez6vPBTCMyOcDF/p0nM19a4ZSW9QOhpX1dCXWtrHoE:A3vPpTEp0nj4ZSW9QOhd10XW1

Entry address:
0x1000

Entry point:
8B, CB, B8, 00, 00, 00, 00, 03, C4, 66, 83, C3, 01, 68, FF, 00, 00, 00, 59, C1, C1, 08, 66, 8B, F0, 66, 3B, F1, 0F, 87, 17, 00, 00, 00, C3, CC, B8, 2C, A0, 40, 00, 6A, 00, C3, CC, E9, 45, 00, 00, 00, E9, 40, 00, 00, 00, 33, C0, 60, 8B, EC, 2B, C0, 05, 00, A8, 40, 00, 2B, F6, 03, F0, 2B, C0, 05, 00, A0, 40, 00, BF, 00, 00, 00, 00, 03, F8, 57, 5A, 33, C9, 83, C2, 2C, FF, 12, 85, C9, 0F, 84, 08, 00, 00, 00, C3, CC, 0F, 85, AF, 00, 00, 00, 85, C0, 0F, 85, 01, 00, 00, 00, CC, B8, 00, 00, 00, 00, 8D, 07, 05, 6E...
 

Entropy:
3.7511

Code size:
32 KB (32,768 bytes)
