win6779.exe

The executable win6779.exe has been detected as malware by 24 anti-virus scanners. It is configured to start automatically when a user logs into Windows, through an entry in the current user Run registry key under the display name ‘GameServer54DE’.
MD5:
101b06144ef2d3d790859d7c64af9ef2

SHA-1:
26bfbb467c6357df11e292ab0331b153bc72e2ec

SHA-256:
ee6d41d10ad312792fc70614252fb3194614bddb98d001dc579666c68d7661b8

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
4/26/2024 2:12:59 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.1655136 | -40
Avira AntiVirus | TR/Agent.CAOW | 7.11.149.10
avast! | Win32:Downloader-VFL [Trj] | 2014.9-170316
AVG | Crypt3 | 2018.0.2438
Baidu Antivirus | Trojan.Win32.Kryptik | 4.0.3.17316
Bitdefender | Trojan.GenericKD.1655136 | 1.0.20.375
Emsisoft Anti-Malware | Trojan.GenericKD.1655136 | 8.17.03.16.04
ESET NOD32 | Win32/Kryptik.CAOW (variant) | 11.9786
Fortinet FortiGate | W32/Kryptik.CAOW!tr | 3/16/2017
F-Secure | Trojan.GenericKD.1655136 | 11.2017-16-03_5
G Data | Trojan.GenericKD.1655136 | 17.3.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.177.12041
McAfee | Artemis!101B06144EF2 | 5600.6094
MicroWorld eScan | Trojan.GenericKD.1655136 | 18.0.0.225
NANO AntiVirus | Trojan.Win32.Agent.cxcdob | 0.28.0.59608
Norman | Troj_Generic.TVXWE | 11.20170316
nProtect | Trojan.GenericKD.1655136 | 14.05.11.01
Panda Antivirus | Generic Malware | 17.03.16.04
Qihoo 360 Security | HEUR/Malware.QVM05.Gen | 1.0.0.1015
Sophos | Troj/Agent-AGUE | 4.98
Trend Micro House Call | TROJ_KRYPTK.YSK | 7.2.75
Trend Micro | TROJ_KRYPTK.YSK | 10.465.16
VIPRE Antivirus | Trojan.Win32.Generic | 29110

File size:
185.5 KB (189,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\mywordtool\win6779.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1C2B8

Entry point:
55, 8B, EC, 83, C4, D8, 53, 56, 57, 33, C0, 89, 45, D8, 89, 45, DC, 89, 45, E0, 89, 45, E4, B8, 08, C2, 41, 00, E8, 5F, 98, FE, FF, 33, C0, 55, 68, 0E, D6, 41, 00, 64, FF, 30, 64, 89, 20, B8, B4, F8, 41, 00, E8, C7, 78, FE, FF, C7, 05, B8, F8, 41, 00, 6E, A3, 01, 00, C7, 05, BC, F8, 41, 00, 6E, A3, 01, 00, C7, 05, C0, F8, 41, 00, 6E, A3, 01, 00, 66, C7, 05, C4, F8, 41, 00, 47, 01, 66, C7, 05, C6, F8, 41, 00, 47, 01, 66, C7, 05, C8, F8, 41, 00, 47, 01, C6, 05, CA, F8, 41, 00, 7F, C6, 05, CB, F8, 41, 00, 7F...
 

Entropy:
6.8280

Developed / compiled with:
Microsoft Visual C++

Code size:
114 KB (116,736 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GameServer54DE

Command:
"C:\users\{user}\appdata\roaming\mywordtool\win6779.exe"

