wim.exe

Windows 10 Key

The application wim.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This backdoor trojan may be used to conduct distributed denial-of-service attacks or to install additional trojans or other forms of malicious software, and it can also steal your sensitive information.
Publisher:
Microsoft*  (Invalid match)

Product:
Windows 10 Key

Version:
1.0.0.0

MD5:
89381227453a39c66f15a81036906d83

SHA-1:
8a105121a1773ebd2dfee82d1b5f5add3355e490

SHA-256:
d39f6b0e83061a95f811db14e0e6b089825ad342df7650f8f970821ebb7f26a7

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 7:21:05 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2615187 | 517
Agnitum Outpost | Trojan.Disfa | 7.1.1
Avira AntiVirus | TR/AD.Bladabindi.Y.1010 | 8.3.1.6
Arcabit | Trojan.Generic.D27E793 | 1.0.0.425
avast! | MSIL:Zbot-X [Trj] | 2014.9-150905
AVG | Atros | 2016.0.2995
Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.1595
Bitdefender | Trojan.GenericKD.2615187 | 1.0.20.1240
Emsisoft Anti-Malware | Trojan.GenericKD.2615187 | 8.15.09.05.03
ESET NOD32 | MSIL/Kryptik.BJA (variant) | 9.12071
Fortinet FortiGate | MSIL/Kryptik.BJA!tr | 9/5/2015
F-Secure | Trojan.GenericKD.2615187 | 11.2015-05-09_7
G Data | Trojan.GenericKD.2615187 | 15.9.25
IKARUS anti.virus | Trojan.MSIL.Crypt | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.207.16837
Kaspersky | Trojan.MSIL.Disfa | 14.0.0.1472
Malwarebytes | Trojan.Agent.DTH | v2015.09.05.03
McAfee | RDN/Generic BackDoor | 5600.6651
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ | 1.1.11903.0
MicroWorld eScan | Trojan.GenericKD.2615187 | 16.0.0.744
NANO AntiVirus | Trojan.Win32.Disfa.duwqba | 0.30.24.3079
nProtect | Trojan.GenericKD.2615187 | 15.08.10.01
Panda Antivirus | Trj/CI.A | 15.09.05.03
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Rising Antivirus | PE:Trojan.Win32.Generic.18EA15CE!417994190 | 23.00.65.15903
Sophos | Mal/Generic-S | 4.98
Trend Micro | TROJ_GEN.R047C0DH815 | 10.465.05
VIPRE Antivirus | Trojan.Win32.Generic | 42766

File size:
261 KB (267,264 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2015

Original file name:
Windows 10 Key.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\wim.exe

File PE Metadata
Compilation timestamp:
8/6/2015 8:41:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:oih5GEVWdBTDsykLyjHItjUCAih5GEVx7MhCuQWwxLkwRlWjAfLwn3VpIPJkAX5R:oi2Rd9sjKotgCAi2ph1wYUwn3VpEJk1

Entry address:
0x3FB6E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
247 KB (252,928 bytes)

Remove wim.exe - Powered by Reason Core Security