vs959gqs.0cd

InstallShield

Flexera Software LLC

The file vs959gqs.0cd, “InstallShield (R) Setup Engine” has been detected as malware by 7 anti-virus scanners.

Publisher: Flexera Software LLC
Product: InstallShield
Description: InstallShield (R) Setup Engine
Version: 19.0.160
MD5: a869ef03eef70eb5ba0f45721a3f1c89
SHA-1: e1b9680fe5dca1cb79748b0a0abed3a389961e1d
SHA-256: 589ddaf550219ea236b82897d6898122cc7d8d6ec980e4736d28ba14f934ede5
Scanner detections: 7 / 68
Status: Malware
Analysis date: 7/7/2025 8:45:17 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 150101-1
AVG | Win32/Heur | 2014.0.4253
Comodo Security | TrojWare.Win32.PSW.GamePass.E | 21446
ESET NOD32 | Win32/RiskWare.PEMalform.B application | 7.0.302.0
Fortinet FortiGate | W32/Onlinegames.ASE!tr | 3/18/2015
NANO AntiVirus | Trojan.Win32.Banz.comyw | 0.30.8.659
Rising Antivirus | PE:Packer.Win32.Crypt.eg!1075333760 | 23.00.65.15316

File size: 1.9 MB (2,027,520 bytes)
Product version: 19.0
Copyright: Copyright (c) 2012 Flexera Software LLC. All Rights Reserved.
Original file name: iKernel.dll
Language: English (United States)
Common path: C:\ProgramData\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\application data\trend micro\amsp\temp\virus\vs959gqs.0cd

File PE Metadata
Compilation timestamp: 4/25/2012 1:55:14 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 12288:fwYmajn5f5shx17KLECdfzACPt+G2bt0EAfcQwkmC/B2FMHkV5:jmajn5ihxxKvlzPP0GetnTPkmCX+5
Entry address: 0x1ED6B0
Entry point: 53, 57, 56, 55, E8, 00, 00, 00, 00, 5D, 81, ED, 4C, 13, 00, 10, 8D, B5, 43, 13, 00, 10, 8B, 46, FC, 83, C0, 04, 2B, F0, FC, 8B, DE, 8B, 56, 08, 8B, 76, 1C, 03, F2, 8D, BD, 2F, 1F, 00, 10, AD, AB, AD, AB, AD, AB, AD, AB, 90, 83, 7B, 48, 01, 74, 15, 8B, 73, 44, 85, F6, 74, 0E, B9, 23, 00, 00, 00, 03, F2, 8B, 7B, 40, 03, FA, F3, A4, 8B, F3, 8D, BD, 1B, 1F, 00, 10, 01, 2F, 01, 6F, 04, 01, 6F, 08, 8D, 8D, FF, 1E, 00, 10, 51, E8, 46, 01, 00, 00, 90, 90, 90, 90, 90, 90, 90, 90, 8B, 4E, 2C, 89, 8D, 2B, 1F, 00, 10...

Code size: 1.2 MB (1,249,280 bytes)
