verification 1127023019511 ifo aquino.scr

Ghostlily1

Time Doctor LLC

The file verification 1127023019511 ifo aquino.scr has been detected as malware by 17 anti-virus scanners.
Publisher:
Nesuvia   (signed by Time Doctor LLC)

Product:
Ghostlily1

Description:
Ardelle

Version:
1.00

MD5:
943e251febe758304373c7fe2e0c2c03

SHA-1:
5047c9f011c8f579fa90859f3293b162d652c48f

SHA-256:
1debad07197af241911b9f1918a59cdef679171cc7527d7667c0da6f17e66673

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
4/25/2024 6:07:42 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Graftor.267083 | 192 |
| AegisLab AV Signature | Heur.IPZ | 2.1.4+ |
| Arcabit | Trojan.Graftor.D4134B | 1.0.0.653 |
| Bitdefender | Gen:Variant.Graftor.267083 | 1.0.20.1045 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.267083 | 8.16.07.27.05 |
| ESET NOD32 | Win32/Injector.CQWP (variant) | 10.12959 |
| Fortinet FortiGate | W32/Injector.CQMQ!tr | 7/27/2016 |
| F-Secure | Gen:Variant.Graftor.267083 | 11.2016-27-07_4 |
| G Data | Gen:Variant.Graftor.267083 | 16.7.25 |
| IKARUS anti.virus | Trojan.Win32.Injector | t3scan.2.0.4.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.-156 |
| Microsoft Security Essentials | VirTool:Win32/Injector.FQ | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Graftor.267083 | 17.0.0.627 |
| Panda Antivirus | Trj/CI.A | 16.07.27.05 |
| Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1077 |
| Rising Antivirus | PE:Attention.LeakedCert-TimeDoctorLLC!1.A3FA [F] | 23.00.65.16725 |
| Sophos | Mal/Generic-S | 4.98 |

File size:
406.6 KB (416,392 bytes)

Product version:
1.00

Original file name:
Slanguage.exe

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\downloads\verification 1127023019511 ifo aquino.scr

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/17/2014 3:00:00 AM

Valid to:
4/17/2016 2:59:59 AM

Subject:
CN=Time Doctor LLC, O=Time Doctor LLC, STREET=800 E. Charleston Blvd, L=Las Vegas, S=NV, PostalCode=89104, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
560E898EA6CE12B2625740328076DCFB

File PE Metadata
Compilation timestamp:
1/25/2016 3:35:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:abdV1UU1hvAHyDPAi3p1Qm5lMC9PkMhp3sZaiFv2TypPB0Y/7nwPyG:g15hYH9Up35lpPJ+AovLdB0Yj2

Entry address:
0x1240

Entry point:
68, EC, 12, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 2B, BD, AA, 61, D3, BD, B1, 40, 96, A9, 20, B9, 3C, 73, 87, CD, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 41, 00, 20, 08, 41, 00, 54, 65, 72, 68, 75, 6E, 65, 33, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 07, 00, 00, 00, 58, 20, 40, 00, 07, 00, 00, 00, F0, 1F, 40, 00, 07, 00, 00, 00, A0, 1F, 40, 00, 01, 00, 02, 00, 84, 1C, 40, 00, 00, 00, 00, 00, FF, FF, FF, FF, FF, FF, FF, FF, 00, 00, 00, 00...
 

Entropy:
7.0544

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
188 KB (192,512 bytes)
