virtualdj_pro_v7.0.2.exe

Windows Internet Explorer

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The executable virtualdj_pro_v7.0.2.exe, described as “Auto-extracteur de fichier CAB Win32”, has been detected as malware by 22 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Windows® Internet Explorer

Description:
Auto-extracteur de fichier CAB Win32

Version:
8.00.7600.16385 (win7_rtm.090713-1255)

MD5:
386c768dd464d23ae0a3de4e9d167ce1

SHA-1:
970b8491c693bfa0ba8acd857f78ffd0b4198d27

SHA-256:
33b92b4f46e710fbb9d4743f6120706ebfeb6965c5d80bee64beaeacf5f5d190

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/25/2024 8:45:34 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.DR.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dropper.MSIL.Gen | 7.11.115.226 |
| avast! | Win32:Malware-gen | 2014.9-140419 |
| AVG | Dropper.Generic4.BNX.dropper | 2015.0.3500 |
| Comodo Security | UnclassifiedMalware | 17339 |
| Dr.Web | Trojan.DownLoader3.62261 | 9.0.1.0109 |
| ESET NOD32 | MSIL/Injector.ARP (variant) | 8.9099 |
| Fortinet FortiGate | W32/Genome.UUDT!tr | 4/19/2014 |
| F-Secure | Trojan.Generic.KDV.273701 | 11.2014-19-04_7 |
| IKARUS anti.virus | Trojan-Dropper.MSIL | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10319 |
| Kaspersky | Trojan.Win32.Genome | 14.0.0.3994 |
| McAfee | Artemis!386C768DD464 | 5600.7156 |
| Microsoft Security Essentials | Worm:Win32/Ainslot.A | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Generic.KDV.273701 | 15.0.0.327 |
| NANO AntiVirus | Trojan.Win32.DownLoader3.ciymwz | 0.28.0.56420 |
| Norman | ZBot.A | 11.20140419 |
| Panda Antivirus | Suspicious file | 14.04.19.06 |
| Quick Heal | Worm.Ainslot | 4.14.12.00 |
| Trend Micro House Call | TROJ_SPNR.11FM12 | 7.2.109 |
| Trend Micro | TROJ_SPNR.11FM12 | 10.465.19 |
| VIPRE Antivirus | Trojan.Win32.Generic | 23756 |

File size:
28.6 MB (30,036,992 bytes)

Product version:
8.00.7600.16385

Copyright:
© Microsoft Corporation. Tous droits réservés.

Original file name:
WEXTRACT.EXE .MUI

File type:
Executable application (Win32 EXE)

Language:
French (France)

File PE Metadata
Compilation timestamp:
7/14/2009 1:42:43 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
786432:jf2phOZ0MJSyKTTpXFvJjI0V6T11MwUIcvoAshwOFMr8M9+BTT64/:j+StJlQ3JjI66ZO5oAshweM4F/

Entry address:
0x6AF8

Entry point:
E8, 1C, 06, 00, 00, E9, 4D, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, C4, C2, 00, 01, 75, 03, C2, 00, 00, E9, 98, 06, 00, 00, CC, CC, CC, CC, CC, FF, 25, 74, 12, 00, 01, CC, CC, CC, CC, CC, CC, FF, 25, 70, 12, 00, 01, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, CC, CC, CC, CC, CC, 53, 56, 57, 8B, 54, 24, 10, 8B...
 

Code size:
43 KB (44,032 bytes)
