d3993441c01b14ffff7222edba6f9d10.pe

The file d3993441c01b14ffff7222edba6f9d10.pe has been detected as malware by 40 anti-virus scanners. This virus, which infects .exe files, stops various security software and prevents some core Windows utilities from running. It also tries to download other files, including other malware, from a remote server.
MD5:
d3993441c01b14ffff7222edba6f9d10

SHA-1:
d4997bf0215da5e6157d3ae3e1a8787ef02974e5

SHA-256:
6562a926c024856a2f1da842c25f5398748d5b58b8fe11390e8a79ef0140f1e4

Scanner detections:
40 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/24/2024 9:00:18 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.SalityStub.A | 658
Agnitum Outpost | Win32.Sality.BL | 7.1.1
AhnLab V3 Security | Win32/Kashu.E | 15.04.18
Avira AntiVirus | W32/Sality.AT | 7.11.146.0
avast! | Win32:Sality | 2014.9-150418
AVG | Win32/Sality.dropper | 2016.0.3136
Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15418
Bitdefender | Trojan.SalityStub.A | 1.0.20.540
Bkav FE | W32.Sality.PE | 1.3.0.4959
Clam AntiVirus | Win.Virus.Sality-19 | 0.98/18355
Comodo Security | Virus.Win32.Sality.Gen | 18183
Dr.Web | Trojan.MulDrop4.30599 | 9.0.1.0108
Emsisoft Anti-Malware | Trojan.SalityStub | 8.15.04.18.08
ESET NOD32 | Win32/Sality | 9.9734
Fortinet FortiGate | W32/LPECrypt.A!tr | 4/18/2015
F-Prot | W32/Sality.gen2 | v6.4.7.1.166
F-Secure | Trojan.SalityStub.A | 11.2015-18-04_7
G Data | Trojan.SalityStub | 15.4.24
IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.176.11907
Kaspersky | Virus.Win32.Sality | 14.0.0.2173
Malwarebytes | Trojan.Malpack.Gen | v2015.04.18.08
McAfee | W32/Sality.gen.z | 5600.6792
Microsoft Security Essentials | Virus:Win32/Sality.AT | 1.10502
MicroWorld eScan | Trojan.SalityStub.A | 16.0.0.324
NANO AntiVirus | Virus.Win32.Sality.beygb | 0.28.0.59608
Norman | Sality.dam | 11.20150418
nProtect | Trojan.SalityStub.A | 14.04.28.01
Panda Antivirus | W32/Sality.AK.drp | 15.04.18.08
Qihoo 360 Security | Trojan.Win32.SalityStub.A | 1.0.0.1015
Quick Heal | W32.Sality.U | 4.15.14.00
Rising Antivirus | PE:Trojan.Win32.KUKU.a!1075333286 | 23.00.65.15416
Sophos | Troj/SalLoad-C | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Frauder | 9928
Total Defense | Win32/Sality.AA | 37.0.10905
Trend Micro House Call | PE_SALITY.RL-O | 7.2.108
Trend Micro | PE_SALITY.RL-O | 10.465.18
Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.0
VIPRE Antivirus | Virus.Win32.Sality.at | 28670
ViRobot | Win32.Sality.N.Host | 2011.4.7.4223

File size:
100.7 KB (103,140 bytes)

Common path:
C:\users\{user}\downloads\d3993441c01b14ffff7222edba6f9d10.pe

File PE Metadata
Compilation timestamp:
2/10/2002 5:15:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:KjPGfJTpQdvPy2880lxmfLGZQ9/uKwg7s6tKTonN4XTnF:KjevQdHEzuyG5vwcR0wNOTn

Entry address:
0x1040

Entry point:
E8, 00, 00, 00, 00, 58, 05, 7B, 02, 00, 00, 50, 43, C3, FF, 15, 08, 10, 40, 00, 6A, 00, FF, 15, 00, 10, 40, 00, C3, 90, 90, 90, 9C, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BA, 10, 00, 00, 00, 10, 00, 00, A4, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D6, 10, 00, 00, 08, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, AC, 10, 00, 00, 00, 00, 00, 00, C8, 10, 00, 00, 00, 00, 00, 00, 7D, 00, 45, 78, 69, 74, 50, 72, 6F, 63, 65, 73, 73, 00, 4B, 45, 52, 4E, 45, 4C...
 

Entropy:
6.5676

Code size:
512 Bytes (512 bytes)
