ffde45449663d455663f58b2972988d0.pe

The file ffde45449663d455663f58b2972988d0.pe has been detected as malware by 33 anti-virus scanners.

MD5: ffde45449663d455663f58b2972988d0
SHA-1: 6c953da6054c16fb679438ad599224124ae1a8b9
SHA-256: 2c28c291dd04f4d78fe15ca7e9847bfa5badbb6a54178dc9ffb15c70adab5917
Scanner detections: 33 / 68
Status: Malware
Analysis date: 4/25/2024 10:42:46 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Generic.Dld.CWS.FFFEA0F4 | 658
Agnitum Outpost | Trojan.DL.CWS | 7.1.1
AhnLab V3 Security | Win-Trojan/Cws.25088.B | 2015.04.09
Avira AntiVirus | TR/Spy.Gen | 3.6.1.96
avast! | Win32:CWS-AB [Trj] | 2014.9-150418
AVG | Win32/DH{EwMgJWEPCldOZIETgRJc} | 2016.0.3136
Baidu Antivirus | Trojan.Win32.CWS | 4.0.3.15418
Bitdefender | Dropped:Generic.Dld.CWS.FFFEA0F4 | 1.0.20.540
Comodo Security | TrojWare.Win32.Downloader.CWS.B | 21697
Dr.Web | Trojan.Click.2075 | 9.0.1.0108
Emsisoft Anti-Malware | Dropped:Generic.Dld.CWS.FFFEA0F4 | 8.15.04.18.09
ESET NOD32 | Win32/TrojanDownloader.CWS (variant) | 9.11445
Fortinet FortiGate | W32/CWS.AM!tr.dldr | 4/18/2015
F-Prot | W32/CWA.A.gen | v6.4.7.1.166
F-Secure | Dropped:Generic.Dld.CWS.FFFEA0F4 | 11.2015-18-04_7
G Data | Dropped:Generic.Dld.CWS.FFFEA0F4 | 15.4.25
IKARUS anti.virus | Trojan-Downloader.Win32.CWS | t3scan.1.8.9.0
K7 AntiVirus | Trojan | 13.202.15530
Kaspersky | Trojan-Downloader.Win32.CWS | 14.0.0.2173
McAfee | Downloader-AQV | 5600.6792
MicroWorld eScan | Dropped:Generic.Dld.CWS.FFFEA0F4 | 16.0.0.324
NANO AntiVirus | Trojan.Win32.CWS.dhwzw | 0.30.10.952
Norman | Malware | 11.20150418
nProtect | Dropped:Generic.Dld.CWS.FFFEA0F4 | 15.04.07.01
Panda Antivirus | Generic Malware | 15.04.18.09
Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1015
Rising Antivirus | PE:Trojan.DL.Win32.CWS.am!1173755803 | 23.00.65.15416
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.108
Trend Micro | TROJ_FORUCON.BMC | 10.465.18
Vba32 AntiVirus | TrojanDownloader.CWS | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 39184
Zillya! Antivirus | Downloader.CWS.Win32.459 | 2.0.0.2132

File size: 37 KB (37,888 bytes)
Common path: C:\users\{user}\downloads\ffde45449663d455663f58b2972988d0.pe

File PE Metadata
Compilation timestamp: 4/4/2007 7:25:55 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 384:wppGbJ23HvEUjxjoJHBPPlTfVYiJiE07GA3/hZJ6m+vnbxCmdEwPuE:wUuHvDxUPPlTd7APjw/bxXU
Entry address: 0x5A49
Entry point: 55, 8B, EC, 81, EC, 00, 04, 00, 00, 56, 57, E8, D5, D6, FF, FF, E8, 74, ED, FF, FF, E8, 39, F1, FF, FF, E8, 33, F6, FF, FF, 68, 00, 04, 00, 00, 8D, 85, 00, FC, FF, FF, 50, 33, F6, 56, FF, 15, 7C, 60, 40, 00, 56, 68, 80, 00, 00, 00, 6A, 03, 56, 56, 68, 00, 00, 00, 80, 8D, 85, 00, FC, FF, FF, 50, FF, 15, 90, 60, 40, 00, A3, E0, 72, 40, 00, FF, 15, 5C, 60, 40, 00, E8, 3E, E8, FF, FF, E8, ED, F5, FF, FF, 6A, 3C, 33, D2, 8B, C6, 59, F7, F1, 85, D2, 75, 41, FF, 35, D0, 72, 40, 00, E8, 0B, F7, FF, FF, 85, C0, 59...
Entropy: 5.8424
Developed / compiled with: Microsoft Visual C++
Code size: 12 KB (12,288 bytes)
