» tlsr.exe
Overview
Analysis
File Details

tlsr.exe

The executable tlsr.exe has been detected as malware by 40 anti-virus scanners.

File name:

tlsr.exe

MD5:

d4e164547f1607c0e5a06953ec6a6440

SHA-1:

e1667e72815cf1362d16e11048c734d263055583

SHA-256:

273b88dc47fb7a6eb7ae2587643d1ed8b22ef533d0c17bb0d862ed05be7ccc5c

Scanner detections:

40 / 68

Status:

Malware

Analysis date:

4/26/2024 7:13:23 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Worm.Sohanad

7.1.1

AhnLab V3 Security

Win32/Autoit.worm.617343

2013.11.23

Avira AntiVirus

TR/Autoit.CI.14

7.11.115.34

avast!

Win32:Sality

2014.9-150401

AVG

Autoit

2016.0.3152

Baidu Antivirus

Worm.Win32.AutoRun

4.0.3.1541

Bitdefender

Win32.Worm.Sohanad.NBN

1.0.20.455

Bkav FE

W32.RegvcsA

1.3.0.6267

Clam AntiVirus

Trojan.Siggen-7

0.98/18155

Comodo Security

Worm.Win32.Autoit.DB

17315

Dr.Web

Trojan.Click1.37970

9.0.1.091

Emsisoft Anti-Malware

Win32.Worm.Sohanad.NBN

8.15.04.01.03

ESET NOD32

Win32/Autoit.DB

9.9083

Fortinet FortiGate

W32/Autorun.VDX!worm

4/1/2015

F-Prot

W32/Trojan2.DFYJ

v6.4.7.1.166

F-Secure

IM-Worm:W32/Sohanad.HM

11.2015-01-04_4

G Data

Win32.Worm.Sohanad.NBN

15.4.22

herdProtect (fuzzy)

variant of heli tours print folder .exe

2015.7.6.11

IKARUS anti.virus

Trojan.Autoit

t3scan.2.2.29

K7 AntiVirus

Password-Stealer

13.191.14617

Kaspersky

Worm.Win32.AutoRun

14.0.0.2257

Malwarebytes

Trojan.FakeFolder

v2015.04.01.03

McAfee

W32/YahLover.worm

5600.6808

Microsoft Security Essentials

Worm:Win32/Nuqel.AE

1.163.1557.0

MicroWorld eScan

Trojan.Generic.1725344

16.0.0.273

NANO AntiVirus

Trojan.Win32.AutoRun.hcfwq

0.28.0.56316

Norman

Sohanad.gen6

11.20150401

nProtect

Trojan/W32.AutoIt.1058111

15.01.12.01

Panda Antivirus

W32/Sohanat.IZ

15.04.01.03

Quick Heal

Worm.AutoRun.A10

4.15.14.00

Rising Antivirus

Worm.Win32.Agent.avb

23.00.65.15330

Sophos

W32/AutoRun-BUC

4.95

SUPERAntiSpyware

Trojan.Agent/Gen-AutoIt

9962

Total Defense

Win32/Armax.G

37.0.10498

Trend Micro House Call

WORM_IMAUT.HB

7.2.91

Trend Micro

WORM_IMAUT.HB

10.465.01

Vba32 AntiVirus

Trojan-Downloader.Autoit.gen

3.12.24.3

VIPRE Antivirus

Worm.Win32.Nuqel.z

23624

ViRobot

Trojan.Win32.Autoit.617343.D

2011.4.7.4223

Zillya! Antivirus

Worm.Sohanad.Win32.1008

2.0.0.2033

File size:

1.1 MB (1,197,375 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\s-1-5-31-1286970278978-5713669491-166975984-320\tlsr\tlsr.exe

File PE Metadata

Compilation timestamp:

11/25/2007 12:21:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:r3i8X7pt4Oti0BWmKWIBtOcI9SSbA+cuXhsBM:r3TdtLW5WIj1YSSdFxsB

Entry address:

0xA5001

Entry point:

60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 50, 0A, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72... 
[+]

Entropy:

3.0966

Packer / compiler:

ASPack v2.12

Code size:

404.5 KB (414,208 bytes)

Remove tlsr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.