ebadcf35570da17a7b4b2da653c70200.pe

The file ebadcf35570da17a7b4b2da653c70200.pe has been detected as malware by 30 anti-virus scanners.
MD5:
ebadcf35570da17a7b4b2da653c70200

SHA-1:
3b58f510918f3bea9066319d4f9e50cf67e3602d

SHA-256:
bc29abe48521c326bfee5748c68bbc825a980f6bde5e5f7f27642345bbcc94c0

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/26/2024 9:25:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.556707 | 658 |
| Agnitum Outpost | Trojan.Invader | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Poweliks | 2015.04.10 |
| Avira AntiVirus | HEUR/Malware | 3.6.1.96 |
| avast! | Win32:Malware-gen | 2014.9-150418 |
| AVG | Agent5 | 2016.0.3136 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.15418 |
| Bitdefender | Gen:Variant.Kazy.556707 | 1.0.20.540 |
| Comodo Security | UnclassifiedMalware | 21709 |
| Dr.Web | BackDoor.Gootkit.123 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.556707 | 8.15.04.18.09 |
| ESET NOD32 | Win32/Agent.WRD (variant) | 9.11451 |
| Fortinet FortiGate | W32/Agent.B!tr | 4/18/2015 |
| F-Prot | W32/Trojan2.ONVS | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Kazy.556707 | 11.2015-18-04_7 |
| G Data | Gen:Variant.Kazy.556707 | 15.4.25 |
| IKARUS anti.virus | Trojan.Win32.Agent | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.202.15544 |
| Kaspersky | HEUR:Trojan.Win32.Invader | 14.0.0.2173 |
| McAfee | RDN/Generic.hra!cd | 5600.6792 |
| MicroWorld eScan | Gen:Variant.Kazy.556707 | 16.0.0.324 |
| NANO AntiVirus | Virus.Win32.Gen.ccmw | 0.30.10.952 |
| Norman | Suspicious_Gen4.HOYKG | 11.20150418 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.18.09 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Sophos | Troj/XswKtDrp-B | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0EB315 | 7.2.108 |
| Trend Micro | TROJ_GEN.R047C0EB315 | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39206 |
| Zillya! Antivirus | Trojan.Agent.Win32.514865 | 2.0.0.2134 |

File size:
139.5 KB (142,848 bytes)

Common path:
C:\users\{user}\downloads\ebadcf35570da17a7b4b2da653c70200.pe

File PE Metadata
Compilation timestamp:
12/2/2014 7:03:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
1536:xY9wS6CrVLF42kTD3pDQLuNehY4i1P5QKRK6EsGOcjAQa7Rk/uTc83H5wua9ch36:2nVFziPQDYP5vEssUfGEc8pwu6pRX0E

Entry address:
0x1EE0

Entry point:
FF, 15, A4, C0, 40, 00, A3, 08, 15, 42, 00, E8, 80, 83, 00, 00, 33, C0, C2, 10, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 10, 8B, 41, 3C, 53, 56, 57, 8B, 94, 08, 80, 00, 00, 00, 89, 4D, FC, 85, D2, 0F, 84, 90, 00, 00, 00, 83, BC, 08, 84, 00, 00, 00, 14, 0F, 86, 82, 00, 00, 00, 83, 3C, 0A, 00, 8D, 1C, 0A, 89, 5D, F8, 74, 76, 8B, 43, 0C, 6A, 00, 6A, 00, 03, C1, 50, FF, 15, 24, 15, 42, 00, 8B, D0, 89, 55, F4, 85, D2, 74, 69, 8B, 3B, 8B, 4D, FC, 8B, 73, 10, 03, F9, 03, F1, 8B, 07, 85...
 

Entropy:
6.9009

Code size:
40.5 KB (41,472 bytes)

Powered by Reason Core Security