» trueinstallverizonyahoo.exe
Overview
Analysis
File Details

trueinstallverizonyahoo.exe

Esaya.com Inc.

The executable trueinstallverizonyahoo.exe has been detected as malware by 16 anti-virus scanners.

File name:

Publisher:

Esaya.com Inc. (signed and verified)

MD5:

0dbb3bc9d7ecf47c4ef0b3f9461c9372

SHA-1:

53bbc460338a1a5d37930919331188f12d54cf76

SHA-256:

192c672a4826cc29b4c95443d2f83390ce3b7283b52d522205dacb21951745f1

Scanner detections:

16 / 68

Status:

Malware

Analysis date:

4/24/2024 3:58:34 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.Agent

7.1.1

AhnLab V3 Security

Win-Trojan/Xema.variant

2013.03.21

Avira AntiVirus

TR/Agent.69632.J

7.11.65.156

Bitdefender

Trojan.Generic.3981157

1.0.20.380

Bkav FE

HW32.CDB

1.3.0.4246

Emsisoft Anti-Malware

Trojan.Generic.3981157

8.15.03.17.02

F-Secure

Trojan.Generic.3981157

11.2015-17-03_3

G Data

Trojan.Generic.3981157

15.3.22

K7 AntiVirus

Trojan

13.163.8404

MicroWorld eScan

Trojan.Generic.3981157

16.0.0.228

nProtect

Trojan/W32.Agent.75384

13.03.21.02

Panda Antivirus

Generic Trojan

15.03.17.02

Reason Heuristics

Threat.Win.Reputation.IMP

15.3.17.14

Trend Micro House Call

PAK_Generic.001

7.2.226

Trend Micro

PAK_Generic.001

10.465.14

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.3

File size:

73.6 KB (75,384 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\trueinstallverizonyahoo.exe

Digital Signature

Signed by:

Esaya.com Inc.

Authority:

VeriSign, Inc.

Valid from:

5/17/2006 8:00:00 PM

Valid to:

5/17/2009 7:59:59 PM

Subject:

CN=Esaya.com Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Esaya.com Inc., L=New York, S=New York, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

244A552C72B65C01E472D28722707D5A

File PE Metadata

Compilation timestamp:

6/14/2007 7:01:51 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

1536:1l2rgEppOFo+efhFrX4Yg0DjEvtWYLU67UK:GrgEppOFAfhNXbg0XytWYb

Entry address:

0x33CC0

Entry point:

60, BE, 00, 60, 42, 00, 8D, BE, 00, B0, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Entropy:

7.5807

Packer / compiler:

UPX 2.90LZMA

Code size:

56 KB (57,344 bytes)

Remove trueinstallverizonyahoo.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.