fa9a9c31b3f05d485a97105582f63620.pe

The file fa9a9c31b3f05d485a97105582f63620.pe has been detected as malware by 32 anti-virus scanners.
MD5:
fa9a9c31b3f05d485a97105582f63620

SHA-1:
a4e35a0e944206b4984400cae9f515a269393287

SHA-256:
b2c8015a4738bd24159e58968bf28247ac307450a4838ffb910b36419bb8ec48

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/19/2024 7:57:55 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | GenPack:Backdoor.PcClient.TEV | 658 |
| Agnitum Outpost | Backdoor.PcClient.Gen.12 | 7.1.1 |
| Avira AntiVirus | TR/Crypt.ASPM.Gen | 3.6.1.96 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-150418 |
| AVG | BackDoor.PcClient.2 | 2016.0.3136 |
| Baidu Antivirus | Backdoor.Win32.Agent | 4.0.3.15418 |
| Bitdefender | GenPack:Backdoor.PcClient.TEV | 1.0.20.540 |
| Comodo Security | Backdoor.Win32.Agent.~AQG | 21663 |
| Dr.Web | Trojan.DownLoader9.28536 | 9.0.1.0108 |
| Emsisoft Anti-Malware | GenPack:Backdoor.PcClient.TEV | 8.15.04.18.09 |
| ESET NOD32 | Win32/Agent.DKR | 9.11430 |
| F-Prot | W32/PcClient.AC.gen | v6.4.7.1.166 |
| F-Secure | GenPack:Backdoor.PcClient.TEV | 11.2015-18-04_7 |
| G Data | GenPack:Backdoor.PcClient.TEV | 15.4.25 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Apher | t3scan.1.8.9.0 |
| K7 AntiVirus | Backdoor | 13.202.15489 |
| Kaspersky | Backdoor.Win32.Agent | 14.0.0.2173 |
| McAfee | Artemis!FA9A9C31B3F0 | 5600.6792 |
| Microsoft Security Essentials | Backdoor:Win32/Venik | 1.1.11502.0 |
| MicroWorld eScan | GenPack:Backdoor.PcClient.TEV | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Agent.ttqcu | 0.30.8.659 |
| Norman | Obfuscated_O | 11.20150418 |
| nProtect | GenPack:Backdoor.PcClient.TEV | 15.04.03.01 |
| Panda Antivirus | Generic Malware | 15.04.18.09 |
| Qihoo 360 Security | HEUR/QVM13.0.Malware.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Backdoor.Win32.DDOS.eg!1075183496 | 23.00.65.15416 |
| Sophos | Troj/Bckdr-QWZ | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0CCV15 | 7.2.108 |
| Trend Micro | TROJ_GEN.R047C0CCV15 | 10.465.18 |
| Vba32 AntiVirus | BScope.P2P-Worm.Palevo | 3.12.26.3 |
| VIPRE Antivirus | Backdoor.Win32.Agent.tnr | 39098 |
| ViRobot | Backdoor.Win32.Agent.58368.Q[h] | 2014.3.20.0 |

File size:
78 KB (79,872 bytes)

Common path:
C:\users\{user}\downloads\fa9a9c31b3f05d485a97105582f63620.pe

File PE Metadata
Compilation timestamp:
10/17/2008 10:44:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:fkDAWT563Z8jODnjU1zhI4Z4OEQN88A0FJaFY/0WJijz/:8L86irj8I83EG8iyYX4

Entry address:
0x11001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 10, 01, 00, 83, BD, 7D, 04, 00, 00, 00, 89, 9D, 7D, 04, 00, 00, 0F, 85, C0, 03, 00, 00, 8D, 85, 89, 04, 00, 00, 50, FF, 95, 09, 0F, 00, 00, 89, 85, 81, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, 05, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74...
 

Entropy:
6.6937

Packer / compiler:
ASPack v2.12

Code size:
4 KB (4,096 bytes)
