toencrypt.exe

Remote Service Application

Microsoft Corp.

The executable toencrypt.exe has been detected as malware by 40 anti-virus scanners.
Publisher:
Microsoft Corp.

Product:
Remote Service Application

Version:
1, 0, 0, 1

MD5:
bac974a6f6833b6bd4a115ca295241aa

SHA-1:
87852310926b021ab551302ce6d89383ae447a62

SHA-256:
bbcae55ae2cb6556f49f0fa3891d7d3decaae5b7cc8068935ec47744cf59ea96

Scanner detections:
40 / 68

Status:
Malware

Analysis date:
4/25/2024 3:20:30 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Inject.AUZ | 6586311 |
| Agnitum Outpost | Trojan.Comet.Gen.LO | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.DelfInject | 2015.02.28 |
| Avira AntiVirus | BDS/DarkKomet.GR | 7.11.212.228 |
| avast! | Win32:Delf-SQI [Trj] | 150129-1 |
| AVG | BackDoor.Generic16 | 2016.0.3185 |
| Bitdefender | Trojan.Inject.AUZ | 1.0.20.290 |
| Bkav FE | W32.OnGamesLTKVPOK.Trojan | 1.3.0.6379 |
| Clam AntiVirus | WIN.Trojan.DarkKomet | 0.98/20120 |
| Comodo Security | Backdoor.Win32.Agent.XAB | 21233 |
| Dr.Web | BackDoor.Comet.2020 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.Inject.AUZ | 9.0.0.4799 |
| ESET NOD32 | Win32/Fynloski.AA trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/DarkKomet.ID!tr.bdr | 2/27/2015 |
| F-Prot | W32/Downloader.C.gen | 4.6.5.141 |
| F-Secure | Trojan.Inject.AUZ | 5.13.68 |
| G Data | Trojan.Inject.AUZ | 15.2.25 |
| IKARUS anti.virus | Backdoor.Win32.DarkKomet | t3scan.1.8.6.0 |
| K7 AntiVirus | Backdoor | 13.1915113 |
| Kaspersky | Backdoor.Win32.DarkKomet | 15.0.0.543 |
| Malwarebytes | Backdoor.Agent.DCRSAGen | v2015.02.27.08 |
| McAfee | Trojan.Generic BackDoor.xa | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.193.1194.0 |
| MicroWorld eScan | Trojan.Inject.AUZ | 16.0.0.174 |
| NANO AntiVirus | Trojan.Win32.DarkKomet.cssoim | 0.30.0.296 |
| Norman | Backdoor.Fynloski.C | 03.12.2014 13:20:04 |
| nProtect | Trojan/W32.Agent.673792.BH | 15.02.27.01 |
| Panda Antivirus | Trj/Packed.B | 15.02.27.08 |
| Quick Heal | Backdoor.Fynloski.A9 | 2.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.2.27.20 |
| Rising Antivirus | PE:Backdoor.Pontoeb!1.6637 | 23.00.65.15225 |
| Sophos | Virus 'Troj/Backdr-ID' | 5.11 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Fynloski | 10027 |
| Total Defense | Win32/Fynloski.A!generic | 37.0.11467 |
| Trend Micro House Call | BKDR_FYNLOS.SMM | 7.2.58 |
| Trend Micro | BKDR_FYNLOS.SMM | 10.465.27 |
| Vba32 AntiVirus | Backdoor.DarkKomet | 3.12.26.3 |
| VIPRE Antivirus | Threat.4733922 | 37788 |
| ViRobot | Backdoor.Win32.Agent.674304.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Fynloski.Win32.3190 | 2.0.0.2084 |

File size:
658 KB (673,792 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 1999

Original file name:
MSRSAAP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/7/2012 9:59:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:a9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/h2:WZ1xuVVjfFoynPaVBUR8f+kN10EBc

Entry address:
0x8F888

Entry point:
55, 8B, EC, B9, 30, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, E0, E3, 48, 00, E8, 2F, 7E, F7, FF, 33, C0, 55, 68, 56, 06, 49, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, 2A, 07, F8, FF, A1, B0, 48, 49, 00, C6, 00, 01, E8, 21, B7, FF, FF, B2, 01, A1, 80, DE, 48, 00, E8, 19, E6, FF, FF, A3, E8, C3, 49, 00, 33, D2, 55, 68, 09, FA, 48, 00, 64, FF, 32, 64, 89, 22, 8D, 4D, EC, BA, 70, 06, 49, 00, A1, E8, C3, 49, 00, E8, 68, E6, FF, FF, 8B, 55, EC, A1, 38, 4B, 49, 00, E8, 7F, 5C, F7, FF, 8D, 55, E0...
 

Entropy:
6.6170

Developed / compiled with:
Microsoft Visual C++

Code size:
573 KB (586,752 bytes)
