» trojan1223.exe..
Overview
Analysis
File Details
Behaviors (1)

trojan1223.exe..

The file trojan1223.exe.. has been detected as malware by 18 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘d9d61885ee5db52da94966dfac23bcdd’.

File name:

trojan1223.exe..

Version:

0.0.0.0

MD5:

38fa9c28caa4434bb13fa01530910d1e

SHA-1:

0a407928ba44c02fcb6c8321cb0888630d3e88e5

SHA-256:

5bbf108615f882a102204a0b848505591f50e74a924f3b26473cf083f3b3d633

Scanner detections:

18 / 68

Status:

Malware

Analysis date:

4/26/2024 8:24:54 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Barys.16474

1016

AhnLab V3 Security

Trojan/Win32.Bladabindi

14.04.24

Avira AntiVirus

TR/Dropper.MSIL.Gen

7.11.145.40

AVG

Dropper.Generic9

2015.0.3494

Bitdefender

Gen:Variant.Barys.16474

1.0.20.570

Comodo Security

TrojWare.MSIL.Crypted.fu

18160

Dr.Web

Trojan.MulDrop5.6233

9.0.1.0114

Emsisoft Anti-Malware

Gen:Variant.Barys.16474

8.14.04.24.12

ESET NOD32

MSIL/Injector.BEC (variant)

8.9718

Fortinet FortiGate

MSIL/Dropper.BEC!tr

4/24/2014

F-Secure

Gen:Variant.Barys.16474

11.2014-24-04_5

G Data

Gen:Variant.Barys.16474

14.4.24

IKARUS anti.virus

Worm.Win32.Ainslot

t3scan.1.6.1.0

Malwarebytes

Spyware.Password

v2014.04.24.12

McAfee

Dropper-FKK!38FA9C28CAA4

5600.7150

Microsoft Security Essentials

VirTool:MSIL/Obfuscator.AO

1.10502

MicroWorld eScan

Gen:Variant.Barys.16474

15.0.0.342

NANO AntiVirus

Trojan.Win32.MulDrop5.cwcjat

0.28.0.59492

File size:

160 KB (163,840 bytes)

Product version:

0.0.0.0

Original file name:

سكس xnxx.exe

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\trojan1223.exe..

File PE Metadata

Compilation timestamp:

4/23/2014 10:28:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:/ZDF9bND43dftQAaHGkfuQ0/BmHjxFYqDk9Hc3/nl6LAHkzI1UsgEA6IIidc:xDfbNUjQ/tfuQwB0j4gk96VAz

Entry address:

0x14EFE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.0206

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

76 KB (77,824 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

d9d61885ee5db52da94966dfac23bcdd

Command:

"C:\users\{user}\appdata\local\temp\trojan1223.exe"..

Remove trojan1223.exe.. - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.