fb8979b1e23351776c7eaf3947602400.pe

The file fb8979b1e23351776c7eaf3947602400.pe has been detected as malware by 42 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
MD5:
fb8979b1e23351776c7eaf3947602400

SHA-1:
7792687e057a039e283624e85f0c506b843e1337

SHA-256:
27398dcb8e8edbc4d836c2d40ed70a881663541b1fe469dcb44f67fa6765c043

Scanner detections:
42 / 68

Status:
Malware

Analysis date:
4/25/2024 9:06:41 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.8628969 | 658 |
| Agnitum Outpost | Backdoor.Androm | 7.1.1 |
| AhnLab V3 Security | Downloader/Win32.Andromeda | 2015.03.23 |
| Avira AntiVirus | TR/Dropper.VB.Gen8 | 7.11.219.26 |
| avast! | Win32:Trojan-gen | 2014.9-150418 |
| AVG | Downloader.Generic13 | 2016.0.3136 |
| Baidu Antivirus | Trojan.Win32.Andromeda | 4.0.3.15418 |
| Bitdefender | Trojan.Generic.8628969 | 1.0.20.540 |
| Bkav FE | W32.FamVT.Backdoor.VB.Trojan | 1.3.0.6379 |
| Clam AntiVirus | WIN.Downloader.Agent-395 | 0.98/21511 |
| Comodo Security | TrojWare.Win32.TrojanDownloader.Andromeda.CD | 21494 |
| Dr.Web | Trojan.Siggen4.20010 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Trojan.Generic.8628969 | 8.15.04.18.09 |
| ESET NOD32 | Win32/Injector.WXP (variant) | 9.11358 |
| Fortinet FortiGate | W32/Injector.WXP!tr | 4/18/2015 |
| F-Prot | W32/VBcrypt.AM.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.8628969 | 11.2015-18-04_7 |
| G Data | Trojan.Generic.8628969 | 15.4.25 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Andromeda | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.197.15038 |
| Kaspersky | Backdoor.Win32.Androm | 14.0.0.2173 |
| Malwarebytes | Trojan.Andromeda | v2015.04.18.09 |
| McAfee | W32/Worm-FDU!FB8979B1E233 | 5600.6792 |
| Microsoft Security Essentials | Worm:Win32/Gamarue!rfn | 1.1.11400.0 |
| MicroWorld eScan | Trojan.Generic.8628969 | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.Androm.dlmvmc | 0.30.8.659 |
| Norman | Andromeda.UQ | 11.20150418 |
| nProtect | Trojan/W32.Agent.311296.UI | 15.02.17.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.18.09 |
| Qihoo 360 Security | Win32/Trojan.Dropper.69c | 1.0.0.1015 |
| Quick Heal | Worm.Gamarue.A3 | 4.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.13231B66!321067878 | 23.00.65.15416 |
| Sophos | Troj/MDrop-FRP | 4.98 |
| SUPERAntiSpyware | Worm.Gamarue | 9928 |
| Total Defense | Win32/Gamarue.OGEbSaD | 37.0.11507 |
| Trend Micro House Call | TSPY_DOWNLOADER_BK08494B.TOMC | 7.2.108 |
| Trend Micro | TSPY_DOWNLOADER_BK08494B.TOMC | 10.465.18 |
| Vba32 AntiVirus | TrojanDownloader.Andromeda | 3.12.26.3 |
| VIPRE Antivirus | Worm.Win32.Vobfus.mc | 38656 |
| ViRobot | Trojan.Win32.Downloader.311296.T[h] | 2014.3.20.0 |
| Zillya! Antivirus | Backdoor.Androm.Win32.11370 | 2.0.0.2076 |

File size:
304 KB (311,296 bytes)

Common path:
C:\users\{user}\downloads\fb8979b1e23351776c7eaf3947602400.pe

File PE Metadata
Compilation timestamp:
9/19/2012 4:20:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:ZIDNcIFN3tw4QfwmAOMe6UJbVM/vkA9OQzY6eCFs5Juh2v19hlDcfbEdp7uxEo+i:qJigOTJXYOaFs5Juh819hqkuGh2LeyI

Entry address:
0x109C

Entry point:
68, FC, 10, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 3C, DE, FF, 55, B5, AE, F8, 48, 83, 2E, 1F, B1, B2, D6, C3, 03, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 30, 3A, 46, 69, 72, 65, 66, 65, 6C, 6C, 65, 72, 00, 31, 00, 00, 00, 00, 07, 00, 00, 00, 50, 36, 40, 00, 07, 00, 00, 00, 08, 36, 40, 00, 07, 00, 00, 00, C4, 35, 40, 00, 56, 42, 35, 21, 36, 26, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.4332

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
292 KB (299,008 bytes)
