de0181e2e43cf90cd5f4741188a97b30.pe


The file de0181e2e43cf90cd5f4741188a97b30.pe has been detected as malware by 38 anti-virus scanners. It is infected by an entry-point obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.

Publisher: Q0fM
Product: YptATMKXH
Version: 31.85.59251.18524
MD5: de0181e2e43cf90cd5f4741188a97b30
SHA-1: 92cd633d065ee8ed308a1edbb9ef97672c8fc0b5
SHA-256: faf8e1abb799d18a042bc1ea193c223ee57c668fd29acf908df6a0dfd98765a3
Scanner detections: 38 / 68
Status: File is infected by a Virus
Explanation: The file is infected by a polymorphic file infector virus.
Analysis date: 4/25/2024 6:56:54 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 658 |
| Agnitum Outpost | Win32.Sality.BK | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2015.04.09 |
| avast! | Win32:Kukacka | 2014.9-150418 |
| AVG | Win32/Sality | 2016.0.3136 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15418 |
| Bitdefender | Win32.Sality.3 | 1.0.20.540 |
| Bkav FE | W32.Sality.PE | 1.3.0.6379 |
| Comodo Security | Virus.Win32.Sality.gen | 21697 |
| Dr.Web | Win32.Sector.30 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Win32.Sality | 8.15.04.18.08 |
| ESET NOD32 | Win32/Sality.NBA | 9.11445 |
| F-Prot | W32/Sality.E.gen | v6.4.7.1.166 |
| F-Secure | Win32.Sality.3 | 11.2015-18-04_7 |
| G Data | Win32.Sality | 15.4.25 |
| IKARUS anti.virus | Virus.Win32.Cryptor | t3scan.1.8.9.0 |
| K7 AntiVirus | Virus | 13.202.15530 |
| Kaspersky | Virus.Win32.Sality | 14.0.0.2173 |
| Malwarebytes | Trojan.FakeMS | v2015.04.18.08 |
| McAfee | W32/Sality.gen.z | 5600.6792 |
| Microsoft Security Essentials | Virus:Win32/Sality.AU | 1.1.11502.0 |
| MicroWorld eScan | Win32.Sality.3 | 16.0.0.324 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.10.952 |
| Norman | Sality.ZHB | 11.20150418 |
| nProtect | Virus/W32.Sality.D | 15.04.07.01 |
| Panda Antivirus | W32/Sality.AA | 15.04.18.08 |
| Qihoo 360 Security | Win32/Trojan.1ef | 1.0.0.1015 |
| Quick Heal | W32.Sality.U | 4.15.14.00 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15416 |
| Sophos | Mal/Sality-D | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Falprod | 9928 |
| Total Defense | Win32/Sality.AA | 37.0.11539 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.108 |
| Trend Micro | PE_SALITY.RL | 10.465.18 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.3 |
| VIPRE Antivirus | Virus.Win32.Sality.at | 39184 |
| ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Sality.Win32.20 | 2.0.0.2132 |

File size: 202.2 KB (207,099 bytes)
Product version: 31.52.4757.46567
Original file name: uBEdVN
Language: English (United States)
Common path: C:\users\{user}\downloads\de0181e2e43cf90cd5f4741188a97b30.pe

File PE Metadata
Compilation timestamp: 9/10/2012 7:53:37 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
CTPH (ssdeep): 6144:PAmRefVvpOR9Vb73ho4PQ4++4iCsg2tQvtgfBX+:pipO7VpoEGiqtgf5+
Entry address: 0x1AA0C
Entry point:
60, 40, 0F, BE, C9, 50, 68, BB, 92, 4D, 00, EB, 06, FF, CE, FF, CB, 85, F2, 84, FA, 4F, F2, 8A, F6, 81, FD, 23, 2E, 00, 00, 76, 05, 0B, C8, 0F, AF, F5, 3B, C3, EB, 04, 80, EE, 8A, 48, 68, 2F, 53, E1, 00, 68, CE, 9A, 41, 00, EB, 08, F7, C1, C6, E7, D8, 56, 13, D9, B1, B3, 34, B9, 72, 02, 8A, F4, E8, 00, 00, 00, 00, 33, D2, 88, D0, 89, D8, 14, 8E, 81, D8, B2, B6, 9E, DC, 13, F1, 8D, 2D, 27, 67, 41, 45, 81, C2, FA, 8F, FE, FF, 86, E3, 46, 88, E1, 81, C2, 07, 70, 01, 00, 81, FA, C7, C1, 00, 00, 75, 07, B9, 1F...
Entropy: 7.9007 (probably packed)
Code size: 124 KB (126,976 bytes)
