» wcrash.exe
Overview
Analysis
File Details

wcrash.exe

The executable wcrash.exe has been detected as malware by 34 anti-virus scanners.

File name:

wcrash.exe

MD5:

c1fc1fd5a9ba2f38edc8baf6c527d05e

SHA-1:

0840756108360037112e2bfa2919762059fed0b4

SHA-256:

bc2384640704d0674ab95097ded37f7a9d2e934b2fdf00f3a18410ce2e3972e9

Scanner detections:

34 / 68

Status:

Malware

Analysis date:

4/29/2024 9:53:20 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.447258

-40

Agnitum Outpost

Trojan.Kovter

7.1.1

AhnLab V3 Security

Trojan/Win32.Kovter

2015.02.19

Avira AntiVirus

TR/Crypt.EPACK.28344

7.11.210.224

avast!

Win32:MalOb-LQ [Cryp]

2014.9-170316

AVG

Crypt_s

2018.0.2438

Baidu Antivirus

Trojan.Win32.Kovter

4.0.3.17316

Bitdefender

Gen:Variant.Kazy.447258

1.0.20.375

Bkav FE

HW32.Packed

1.3.0.6379

Comodo Security

UnclassifiedMalware

21124

Dr.Web

Trojan.Kovter.15

9.0.1.075

Emsisoft Anti-Malware

Gen:Variant.Kazy.447258

8.17.03.16.01

ESET NOD32

Win32/Kovter

11.11195

Fortinet FortiGate

W32/Kovter.A!tr

3/16/2017

F-Secure

Gen:Variant.Kazy.447258

11.2017-16-03_5

G Data

Gen:Variant.Kazy.447258

17.3.25

IKARUS anti.virus

Trojan.Win32.Kovter

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.196.15005

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.-1315

Malwarebytes

Trojan.Agent.ED

v2017.03.16.01

McAfee

Kovter-FESX!C1FC1FD5A9BA

5600.6094

Microsoft Security Essentials

Trojan:Win32/Kovter.C

1.1.11400.0

MicroWorld eScan

Gen:Variant.Kazy.447258

18.0.0.225

NANO AntiVirus

Trojan.Win32.Yakes.deocga

0.30.0.126

Norman

Kryptik.CDYA

11.20170316

Panda Antivirus

Trj/Genetic.gen

17.03.16.01

Qihoo 360 Security

Win32/Trojan.67e

1.0.0.1015

Quick Heal

Trojan.Sirefef.A

3.17.14.00

Rising Antivirus

PE:Malware.XPACK-HIE/Heur!1.9C48

23.00.65.17314

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_SPNR.29I014

7.2.75

Trend Micro

TROJ_SPNR.29I014

10.465.16

Vba32 AntiVirus

Trojan.Badur

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

37676

File size:

180 KB (184,367 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\wcrash.exe

File PE Metadata

Compilation timestamp:

8/24/2014 8:32:30 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

26.10

Entry address:

0xE451

Entry point:

6A, 90, 58, E9, 32, FD, FF, FF, 51, 8B, C2, 2B, DE, 58, E8, 93, FD, FF, FF, 50, 03, DF, E8, 3F, FD, FF, FF, 58, 33, C9, 03, F3, 89, 15, 85, 97, 42, 00, 42, 05, 3C, 0B, 00, 00, 4E, 03, F0, 5F, 5E, 2B, D5, 01, 15, DE, 19, 42, 00, 5B, 5A, 5D, 59, 40, 51, FF, 34, 24, 48, 50, 8B, 6C, 24, 0C, C3, 55, 52, 53, 56, 57, BB, A7, 45, 06, 7A, 2B, 2D, C0, 03, 41, 00, 8B, 44, 24, 14, 21, D5, 50, 03, E9, 89, 1D, 03, FC, 41, 00, 8D, 2C, 40, E8, 3D, FC, FF, FF, 50, 03, EA, E8, 1C, 00, 00, 00, 43, 03, DF, 89, 1D, C5, 5A, 42... 
[+]

Entropy:

7.3432

Code size:

53.5 KB (54,784 bytes)

Remove wcrash.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.