efba0ad515e3c0141ae5742fd8c0b6c0.pe

The file efba0ad515e3c0141ae5742fd8c0b6c0.pe has been detected as malware by 28 anti-virus scanners.
MD5:
efba0ad515e3c0141ae5742fd8c0b6c0

SHA-1:
b2a44e871ed37faa05980ba19e45b5d9f0a2bdf9

SHA-256:
8a29dd3edeb154ae06476be4560ae60b47b0281a55d0ab5a21fbbddbe7466682

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/24/2024 6:40:33 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Trojan.Heur2.GZ.kSWbbqAjQlkm | 658 |
| Agnitum Outpost | VirTool.CeeInject | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 3.6.1.96 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-150418 |
| AVG | BackDoor.Generic_r.GV.dropper | 2016.0.3136 |
| Baidu Antivirus | Trojan.Win32.Refroso | 4.0.3.15418 |
| Bitdefender | Gen:Trojan.Heur2.GZ.kSWbbqAjQlkm | 1.0.20.540 |
| Comodo Security | TrojWare.Win32.Refroso.xff | 21663 |
| Dr.Web | BackDoor.Bifrost.28090 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur2.GZ.kSWbbqAjQlkm | 8.15.04.18.09 |
| ESET NOD32 | Win32/Injector.BGER (variant) | 9.11430 |
| Fortinet FortiGate | W32/Refroso.XFF!tr | 4/18/2015 |
| F-Prot | W32/VBcrypt.BG.gen | v6.4.7.1.166 |
| F-Secure | Gen:Trojan.Heur2.GZ.kSWbbqAjQlkm | 11.2015-18-04_7 |
| G Data | Gen:Trojan.Heur2.GZ.kSWbbqAjQlkm | 15.4.25 |
| IKARUS anti.virus | Trojan.Win32.Refroso | t3scan.1.8.9.0 |
| Kaspersky | Trojan.Win32.Refroso | 14.0.0.2173 |
| McAfee | Artemis!EFBA0AD515E3 | 5600.6792 |
| Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!AA | 1.1.11502.0 |
| MicroWorld eScan | Gen:Trojan.Heur2.GZ.kSWbbqAjQlkm | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Refroso.bjvto | 0.30.8.659 |
| Norman | Suspicious_Gen2.THOJZ | 11.20150418 |
| Qihoo 360 Security | HEUR/QVM13.0.Malware.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.DL.Win32.Nodef.alv!1075292167 | 23.00.65.15416 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047B01CV15 | 7.2.108 |
| Vba32 AntiVirus | TrojanDownloader.Refroso | 3.12.26.3 |
| VIPRE Antivirus | BehavesLike.Win32.Malware.bsf (vs) | 39098 |

File size:
160 KB (163,840 bytes)

Common path:
C:\users\{user}\downloads\efba0ad515e3c0141ae5742fd8c0b6c0.pe

File PE Metadata
Compilation timestamp:
8/3/2004 11:01:37 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:g67pcA8IooiiDW/63Hmy5DxFEXCfdYOe:9GA8IoohK62yKN

Entry address:
0x2B000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 81, ED, 0A, 4A, 44, 00, BB, 04, 4A, 44, 00, 03, DD, 2B, 9D, B1, 50, 44, 00, 83, BD, AC, 50, 44, 00, 00, 89, 9D, BB, 4E, 44, 00, 0F, 85, 17, 05, 00, 00, 8D, 85, D1, 50, 44, 00, 50, FF, 95, 94, 51, 44, 00, 89, 85, CD, 50, 44, 00, 8B, F8, 8D, 9D, DE, 50, 44, 00, 53, 50, FF, 95, 90, 51, 44, 00, 89, 85, B9, 50, 44, 00, 8D, 9D, EB, 50, 44, 00, 53, 57, FF, 95, 90, 51, 44, 00, 89, 85, BD, 50, 44, 00, 8B, 85, BB, 4E, 44, 00, 89, 85, AC, 50, 44, 00, 6A, 04, 68, 00, 10, 00, 00, 68, 9A, 04...
 

Entropy:
6.8571

Packer / compiler:
ASPack v1.08.03

Code size:
38.5 KB (39,424 bytes)
