fb2841e253bf4913e61fd575b5bbe3c0.pe

The file fb2841e253bf4913e61fd575b5bbe3c0.pe has been detected as malware by 33 anti-virus scanners.
MD5:
fb2841e253bf4913e61fd575b5bbe3c0

SHA-1:
19e6ff3f4b74e463f7897df7b7099e074117ed13

SHA-256:
29cbe2e0eb09b846eea7998dd290970819626760faee9e85a6b5117753a9e2cc

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/19/2024 8:52:59 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Obfus.3.Gen | 658 |
| AhnLab V3 Security | Malware/Win32.Generic | 2015.01.15 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen7 | 7.11.201.132 |
| avast! | Win32:VirLock-A | 2014.9-150418 |
| AVG | Win32/Cryptor | 2016.0.3136 |
| Bitdefender | Trojan.Obfus.3.Gen | 1.0.20.540 |
| Comodo Security | Packed.Win32.Graybird.B | 20715 |
| Dr.Web | Win32.VirLock.1 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Trojan.Obfus.3.Gen | 8.15.04.18.09 |
| ESET NOD32 | Win32/Virlock (variant) | 9.11016 |
| F-Prot | W32/S-43a675a7 | v6.4.7.1.166 |
| F-Secure | Trojan.Obfus.3.Gen | 11.2015-18-04_7 |
| G Data | Trojan.Obfus.3.Gen | 15.4.24 |
| IKARUS anti.virus | Virus.Win32.Virlock | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.191.14649 |
| Kaspersky | Virus.Win32.PolyRansom | 14.0.0.2173 |
| Malwarebytes | Trojan.Agent.RND1Gen | v2015.04.18.09 |
| McAfee | Trojan-FFGO!FB2841E253BF | 5600.6792 |
| Microsoft Security Essentials | Virus:Win32/Nabucur.A | 1.11302 |
| MicroWorld eScan | Trojan.Obfus.3.Gen | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Kryptik.djtwta | 0.30.0.64448 |
| Norman | PolyRansom.A | 11.20150418 |
| nProtect | Trojan.Obfus.3.Gen | 15.01.14.01 |
| Panda Antivirus | Generic Suspicious | 15.04.18.09 |
| Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015 |
| Quick Heal | Ransom.VirLock.A2 | 4.15.14.00 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.15416 |
| Sophos | W32/VirRnsm-A | 4.98 |
| Total Defense | Win32/Nabucur.A | 37.0.11386 |
| Trend Micro House Call | PE_FINALDO.F | 7.2.108 |
| Trend Micro | PE_FINALDO.F | 10.465.18 |
| Vba32 AntiVirus | suspected of Malware-Cryptor.Win32.General | 3.12.26.3 |
| VIPRE Antivirus | Virus.Win32.Nabucur.a | 36674 |

File size:
191 KB (195,584 bytes)

Common path:
C:\users\{user}\downloads\fb2841e253bf4913e61fd575b5bbe3c0.pe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
3072:8vLvfE195/fsNmUjJ8SBu+xLc2e6Hi4ZPDDbVzsUolrQBcejlAsB7BOGrydSWumx:QHEhWmUjJ8Qu+xLc2e6CcbVzsUolr8j6

Entry address:
0x2E1B7

Entry point:
BB, BF, 86, 0E, 00, BE, E4, 4C, 04, 00, 81, C3, 19, 16, 09, 00, 81, EE, 09, 3E, 00, 00, 81, C3, 28, 73, 28, 00, 81, C6, DD, A0, 45, 73, 89, 33, BA, E4, D4, 07, 00, B8, 00, 53, 0E, 00, 81, EA, 3F, 55, 03, 00, 05, 44, A3, 03, 00, 81, C2, 5F, 90, 3B, 00, 05, CD, 99, D7, 80, 89, 02, B8, 38, 60, 07, 00, BB, E4, E1, 02, 00, 2D, 1E, 26, 0F, 00, 81, C3, 1D, 9E, 0A, 00, 2D, 12, 2A, B8, FF, 81, C3, FF, 7F, F2, 50, 89, 18, BF, FC, 0D, 00, 00, BA, E4, 29, 00, 00, 81, EF, 89, 04, 0B, 00, 81, EA, C9, 3D, 05, 00, 81, EF...
 

Entropy:
7.8242  (probably packed)

Code size:
186 KB (190,464 bytes)
