tool.exe

The executable tool.exe has been detected as malware by 25 anti-virus scanners.
Version:
0.0.0.0

MD5:
f1ff644861f447b68dad8afd88810e31

SHA-1:
cc8ccebce0780aa8bbc9d67c37c1c234ad1c1a27

SHA-256:
ee99622aff6e8b9f75d8fc3aa7cc2b8acc28e601fb4f712c9210cf453a127cc4

Scanner detections:
25 / 68

Status:
Malware

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
4/19/2024 6:38:28 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.MSIL.Krypt.2 | 896 |
| Agnitum Outpost | Trojan.Krypt | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Blocker | 2014.08.23 |
| Avira AntiVirus | TR/Spy.Gen | 7.11.30.172 |
| avast! | Win32:Agent-ARSZ [Trj] | 140813-1 |
| AVG | Trojan horse PSW.MSIL.JTO | 2014.0.4007 |
| Bitdefender | Gen:Heur.MSIL.Krypt.2 | 1.0.20.1170 |
| Comodo Security | TrojWare.MSIL.Keylogger.A | 19279 |
| Dr.Web | Trojan.PWS.Siggen1.12069 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Heur.MSIL.Krypt | 8.14.08.22.05 |
| ESET NOD32 | MSIL/Bladabindi.D worm | 7.0.302.0 |
| Fortinet FortiGate | MSIL/Agent.NRZX!tr | 8/22/2014 |
| F-Secure | Gen:Heur.MSIL.Krypt.2 | 11.2014-22-08_6 |
| G Data | Gen:Heur.MSIL.Krypt | 14.8.24 |
| IKARUS anti.virus | Trojan-PWS.MSIL | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.183.13139 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3366 |
| Malwarebytes | Backdoor.MSIL.P | v2014.08.22.05 |
| Microsoft Security Essentials | Threat.Undefined | 1.181.345.0 |
| MicroWorld eScan | Gen:Heur.MSIL.Krypt.2 | 15.0.0.702 |
| NANO AntiVirus | Trojan.Win32.Autoruner.dciaqm | 0.28.2.61721 |
| Panda Antivirus | Generic Malware | 14.08.22.05 |
| Qihoo 360 Security | Malware.QVM03.Gen | 1.0.0.1015 |
| Sophos | Mal/BBindi-D | 4.98 |
| VIPRE Antivirus | Threat.4821630 | 32210 |

File size:
96 KB (98,304 bytes)

Product version:
0.0.0.0

Original file name:
Stub.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ddos tool - by mella\tool.exe

File PE Metadata
Compilation timestamp:
8/19/2014 2:36:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:g/BmvfxW6FhRjOcR3hPoaEgem+x2AvXjO7HUEotQtGDewoWeP:g/2/jL3hPo/FvXS7EQtGDDz+

Entry address:
0x1940E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
93.5 KB (95,744 bytes)
