f9046dcedb96355d6fb74456daa44440.pe

The file f9046dcedb96355d6fb74456daa44440.pe has been detected as malware by 39 anti-virus scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source.
MD5:
f9046dcedb96355d6fb74456daa44440

SHA-1:
452931a003039edd2e31830e3ddb93cbac19ea6a

SHA-256:
d18fd00b149a66f2d9f0a84d42b126bbc5fb9b99072f9c3ebdf73281019f1373

Scanner detections:
39 / 68

Status:
Malware

Analysis date:
4/25/2024 11:37:08 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.13318 | 658 |
| Agnitum Outpost | Trojan.Kryptik | 7.1.1 |
| AhnLab V3 Security | Win-Trojan/Unruy.100356 | 2015.03.15 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.217.78 |
| avast! | Win32:Unruy-Z [Trj] | 2014.9-150418 |
| AVG | Dropper.Generic2 | 2016.0.3136 |
| Baidu Antivirus | Trojan.Win32.Powp | 4.0.3.15418 |
| Bitdefender | Gen:Variant.Graftor.13318 | 1.0.20.540 |
| Bkav FE | W32.OnlineGameXEWU | 1.3.0.6379 |
| Clam AntiVirus | Trojan.Powp-7 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.Powp.Gen1 | 21412 |
| Dr.Web | Trojan.Siggen2.59758 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.13318 | 8.15.04.18.09 |
| ESET NOD32 | Win32/TrojanDownloader.Unruy.BN | 9.11321 |
| Fortinet FortiGate | W32/Powp.gen!tr | 4/18/2015 |
| F-Prot | W32/CeeInject.O.gen | v6.4.7.1.166 |
| F-Secure | Trojan-Downloader:W32/Unruy.M | 11.2015-18-04_7 |
| G Data | Gen:Variant.Graftor.13318 | 15.4.25 |
| IKARUS anti.virus | Virus.Win32.CeeInject | t3scan.1.8.6.0 |
| K7 AntiVirus | Backdoor | 13.200.15262 |
| Kaspersky | Trojan.Win32.Powp | 14.0.0.2173 |
| McAfee | Generic Downloader.ox | 5600.6792 |
| Microsoft Security Essentials | VirTool:Win32/CeeInject.gen!J | 1.1.11400.0 |
| MicroWorld eScan | Gen:Variant.Graftor.13318 | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Powp.boqug | 0.30.0.296 |
| Norman | FraudPack.IZ | 11.20150418 |
| nProtect | Trojan/W32.Agent.100364.C | 15.03.13.01 |
| Panda Antivirus | Trj/Agent.OEF | 15.04.18.09 |
| Qihoo 360 Security | Malware.Radar01.Gen | 1.0.0.1015 |
| Quick Heal | Win32.Trojan.Powp.gen.4.grp7 | 4.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Fednu.bfp!1075342232 | 23.00.65.15416 |
| Sophos | Troj/Agent-PFJ | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-CDesc[Gen] | 9928 |
| Total Defense | Win32/Powp.A!generic | 37.0.11494 |
| Trend Micro House Call | TROJ_UNRUY.SMEP | 7.2.108 |
| Trend Micro | TROJ_UNRUY.SMEP | 10.465.18 |
| Vba32 AntiVirus | SScope.Injector.MY | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Powp.gen | 38422 |
| ViRobot | Trojan.Win32.Powp.100352[h] | 2014.3.20.0 |

File size:
98 KB (100,364 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\f9046dcedb96355d6fb74456daa44440.pe

File PE Metadata
Compilation timestamp:
10/30/2010 4:48:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:46V87r/x8BZ/rWLfSo15FteivzoAkQpyTphpnS:46er/c6eo1HteMoS4fpnS

Entry address:
0x3340

Entry point:
81, EC, 34, 05, 00, 00, 53, 55, 56, 57, 6A, 74, 68, E3, 00, 00, 00, 68, 75, 03, 00, 00, 68, 0E, 03, 00, 00, 68, 85, 01, 00, 00, 68, D0, 00, 00, 00, E8, C6, DC, FF, FF, A1, 40, 55, 40, 00, 8B, 2D, 20, 40, 40, 00, 83, C4, 18, 50, FF, D5, 8B, 0D, D0, 55, 40, 00, 8B, 1D, 00, 40, 40, 00, 6A, 64, 68, C6, 00, 00, 00, 6A, 42, 68, C3, 00, 00, 00, 51, FF, D3, 8B, 15, 64, A0, 41, 00, 8B, 35, 0C, 40, 40, 00, 52, FF, D6, 8B, 3D, 10, 40, 40, 00, A3, 14, A1, 41, 00, FF, D7, A1, 5C, A0, 41, 00, 50, FF, D6, 8B, 0D, 14, 56...

Entropy:
7.8104

Packer / compiler:
Nullsoft install system v2.x

Code size:
11.5 KB (11,776 bytes)
