vftmadje.exe

The executable vftmadje.exe has been detected as malware by 11 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘bjomnwsf’. According to AVG, this software downloads additional adware offers during setup.
MD5:
f92cdb622ca4d79bdf3dbde068db367c

SHA-1:
ae812412ceb134cf8ad171f5def180c0cd73cf5e

SHA-256:
6894fd6f021f4458d5a8b2ba63362dcf13a93c53f9ef5407861cfe9f679a1175

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/24/2024 2:42:22 AM UTC

Scan engine                    Detection                          Engine version
Lavasoft Ad-Aware              Gen:Variant.Kazy.486237            827
Avira AntiVirus                TR/Agent.168960.57                 7.11.182.116
avast!                         Win32:Malware-gen                  2014.9-141030
AVG                            Downloader.Generic14               2015.0.3305
Bitdefender                    Gen:Variant.Kazy.486237            1.0.20.1515
Emsisoft Anti-Malware          Gen:Variant.Kazy.486237            8.14.10.30.07
ESET NOD32                     Win32/TrojanDownloader.Zortob      8.10646
F-Secure                       Gen:Variant.Kazy.486237            11.2014-30-10_5
G Data                         Gen:Variant.Kazy.486237            14.10.24
McAfee                         Downloader-FAHQ!F92CDB622CA4       5600.6961
Microsoft Security Essentials  TrojanDownloader:Win32/Kuluoz.D    1.11104

File size:
165 KB (168,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\vftmadje.exe

File PE Metadata
Compilation timestamp:
10/28/2014 7:09:47 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.0

CTPH (ssdeep):
1536:O65sbyAYLE3Wfr6Nx+LpTtskfqKGNOP5mHt/egJmqKUhzNcqdrREfXj45yCZ2wE1:OosGjGNCD7yKWTxKULd94Ui8YAKCv4

Entry address:
0x103C

Entry point:
6A, 00, FF, 15, 50, 12, 40, 00, A3, C3, 10, 40, 00, 74, 00, E8, 34, 04, 00, 00, FF, 35, FB, 10, 40, 00, FF, 15, 2C, 12, 40, 00, 77, 71, 65, 77, 74, 20, 6D, 62, 6E, 73, 64, 61, 73, 6D, 62, 71, 20, 66, 6E, 76, 62, 6E, 00, 66, 64, 6E, 61, 77, 71, 66, 6E, 67, 66, 6E, 00, 68, 66, 6A, 00, 64, 66, 73, 67, 64, 66, 67, 34, 33, 34, 33, 35, 33, 20, 36, 35, 37, 2E, 00, 6A, 68, 64, 6A, 67, 64, 6A, 2E, 00, 74, 67, 20, 64, 66, 31, 67, 38, 20, 65, 36, 72, 20, 65, 31, 67, 38, 65, 36, 39, 20, 2E, 00, 33, 32, 31, 35, 36, 34...

Entropy:
7.1385

Packer / compiler:
FASM v1.5x

Code size:
163.5 KB (167,424 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
bjomnwsf

Command:
"C:\users\{user}\appdata\local\vftmadje.exe"


Remove vftmadje.exe - Powered by Reason Core Security