e958bfed37d24fd0443564bfc699f410.pe

The file e958bfed37d24fd0443564bfc699f410.pe has been detected as malware by 36 anti-virus scanners.
MD5:
e958bfed37d24fd0443564bfc699f410

SHA-1:
1e1787bec7d12c128f10771ceba05252d89424f8

SHA-256:
7f8d79912032c1615b03c76e2fe3fa4449ae3cd5dfe592b4ddaf198773e9ade6

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/25/2024 10:57:27 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.201756 | 658
Agnitum Outpost | Trojan.Kryptik | 7.1.1
AhnLab V3 Security | Trojan/Win32.Agent | 2015.03.22
Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.219.26
avast! | Win32:Malware-gen | 2014.9-150418
AVG | PSW.OnlineGames_r | 2016.0.3136
Baidu Antivirus | Trojan.Win32.Katusha | 4.0.3.15418
Bitdefender | Gen:Variant.Kazy.201756 | 1.0.20.540
Comodo Security | TrojWare.Win32.Kryptik.BFZG | 21494
Dr.Web | Trojan.DownLoader11.18063 | 9.0.1.0108
Emsisoft Anti-Malware | Gen:Variant.Kazy.201756 | 8.15.04.18.09
ESET NOD32 | Win32/Kryptik.BOYQ (variant) | 9.11358
Fortinet FortiGate | W32/Katusha.BOYQ!tr | 4/18/2015
F-Prot | W32/Dropper.6!Generic | v6.4.7.1.166
F-Secure | Gen:Variant.Kazy.201756 | 11.2015-18-04_7
G Data | Gen:Variant.Kazy.201756 | 15.4.25
IKARUS anti.virus | Trojan-PWS.OnlineGames | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.202.15341
Kaspersky | Packed.Win32.Katusha | 14.0.0.2173
Malwarebytes | Trojan.Agent | v2015.04.18.09
McAfee | RDN/PWS-Mmorpg!ms | 5600.6792
Microsoft Security Essentials | Trojan:Win32/Beaugrit.gen!AAA | 1.1.11400.0
MicroWorld eScan | Gen:Variant.Kazy.201756 | 16.0.0.324
NANO AntiVirus | Trojan.Win32.Katusha.cqmktx | 0.30.8.659
Norman | Crypt.BFWJ | 11.20150418
nProtect | Trojan/W32.Katusha.57856.BW | 15.03.20.01
Panda Antivirus | Trj/Genetic.gen | 15.04.18.09
Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1015
Quick Heal | Trojan.Katusha.r8 | 4.15.14.00
Reason Heuristics | Threat.Win.Reputation.IMP | 15.8.21.22
Sophos | Mal/TibsPk-D | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-PWS | 9928
Trend Micro House Call | TROJ_GEN.R000C0DLV14 | 7.2.108
Trend Micro | TROJ_GEN.R000C0DLV14 | 10.465.18
VIPRE Antivirus | Trojan.Win32.Kryptik.boyq | 38656
Zillya! Antivirus | Trojan.Kryptik.Win32.631173 | 2.0.0.2110

File size:
56.5 KB (57,856 bytes)

Common path:
C:\users\{user}\downloads\e958bfed37d24fd0443564bfc699f410.pe

File PE Metadata
Compilation timestamp:
9/13/2009 3:48:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:uPxCYteCPvcgCTeefQc9IvNqHTDpr2LBNN3:uoYHnl+P9IvUTDpr

Entry address:
0xD096

Entry point:
90, 60, 89, 0D, 0E, D0, 40, 00, 68, 02, D0, 40, 00, FF, 15, BF, E1, 40, 00, A1, 0E, D0, 40, 00, 3B, C1, 74, 8B, 61, 90, 90, 90, 90, 90, 60, E8, 00, 00, 00, 00, 5B, 66, 33, DB, 81, C3, 00, 10, 00, 00, 68, 88, 1E, 00, 00, 59, 8B, 03, 35, 44, 0C, 7B, 02, 89, 03, 83, C3, 04, E2, F2, 61, E8, 3E, FF, FF, FF, 90, E9, 20, EF, FF, FF, 90, 00, 00, 00, 00, 90, 90, 81, EC, 08, 02, 00, 00, 36, 8D, 05, 4A, C2, 40, 00, 68, 04, 01, 00, 00, 50, 6A, 00, FF, 15, 8C, 60, 40, 00, 57, 36, 8D, 05, 16, C2, 40, 00, 68, 04, 01, 00...
 

Entropy:
4.9800

Packer / compiler:
ASProtect

Code size:
19 KB (19,456 bytes)
