fdb75b23d9c3975e98cea1397754cf80.pe

The file fdb75b23d9c3975e98cea1397754cf80.pe has been detected as malware by 29 anti-virus scanners.
MD5: fdb75b23d9c3975e98cea1397754cf80
SHA-1: 513032417acbd7dd93e0380dd6f7d62ab9c30fb9
SHA-256: c4446cc62289c1f4efb040ee5eef4a072b7592b1c4017a29796d5dfa4fc22eff
Scanner detections: 29 / 68
Status: Malware
Analysis date: 4/23/2024 1:05:13 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Virlock.Gen.1 | 658 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen2 | 7.11.217.78 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-150418 |
| AVG | LockScreen | 2016.0.3136 |
| Bitdefender | Win32.Virlock.Gen.1 | 1.0.20.540 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | Virus.Win32.Virlock.jet | 21410 |
| Dr.Web | Win32.VirLock.10 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Win32.Virlock.Gen | 8.15.04.18.09 |
| ESET NOD32 | Win32/Virlock (variant) | 9.11320 |
| Fortinet FortiGate | W32/Zegost.ATDB!tr | 4/18/2015 |
| F-Prot | W32/S-712c29cb | v6.4.7.1.166 |
| F-Secure | Win32.Virlock.Gen.1 | 11.2015-18-04_7 |
| G Data | Win32.Virlock.Gen | 15.4.25 |
| IKARUS anti.virus | Virus-Ransom.FileLocker | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.200.15262 |
| Kaspersky | Virus.Win32.PolyRansom | 14.0.0.2173 |
| McAfee | W32/VirRansom.b | 5600.6792 |
| Microsoft Security Essentials | Virus:Win32/Nabucur.C | 1.1.11400.0 |
| MicroWorld eScan | Win32.Virlock.Gen.1 | 16.0.0.324 |
| Norman | PolyRansom.C | 11.20150418 |
| nProtect | Win32.Virlock.Gen.1 | 15.03.13.01 |
| Quick Heal | Trojan.gen.r4 | 4.15.14.00 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.15416 |
| Sophos | W32/VirRnsm-C | 4.98 |
| Total Defense | Win32/Nabucur.C | 37.0.11494 |
| Trend Micro House Call | PE_VIRLOCK.B | 7.2.108 |
| Trend Micro | PE_VIRLOCK.B | 10.465.18 |
| VIPRE Antivirus | Virus.Win32.Nabucur.b | 38418 |

File size: 958 KB (980,992 bytes)
Common path: C:\users\{user}\downloads\fdb75b23d9c3975e98cea1397754cf80.pe

File PE Metadata
Compilation timestamp: 2/7/2015 1:53:36 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 24576:ILl+yb8HoBeEMciuw+/9AlvhKhVsMAB/g:0lxb8ILZw+/9q8i/g
Entry address: 0x1000

Entry point:
E8, 7D, DA, 0E, 00, 3D, 15, FF, FF, FF, 0F, 85, 88, 00, 00, 00, E8, 67, DA, 0E, 00, E8, 62, DA, 0E, 00, E8, 5D, DA, 0E, 00, E8, 58, DA, 0E, 00, E8, 53, DA, 0E, 00, E8, 4E, DA, 0E, 00, E8, 49, DA, 0E, 00, E8, 44, DA, 0E, 00, E8, 3F, DA, 0E, 00, E8, 3A, DA, 0E, 00, E8, 35, DA, 0E, 00, E8, 30, DA, 0E, 00, E8, 2B, DA, 0E, 00, E8, 26, DA, 0E, 00, E8, 21, DA, 0E, 00, E8, 1C, DA, 0E, 00, E8, 17, DA, 0E, 00, E8, 12, DA, 0E, 00, E8, 0D, DA, 0E, 00, E8, 08, DA, 0E, 00, E8, 03, DA, 0E, 00, E8, FE, D9, 0E, 00, E8, F9...
 

Entropy: 7.8549 (probably packed)
Code size: 951 KB (973,824 bytes)
