windows application.exe

Remote Service Application

Microsoft Corp.

The executable windows application.exe has been detected as malware by 42 anti-virus scanners. The file has been seen being downloaded from www.qfpost.com.
Publisher:
Microsoft Corp.

Product:
Remote Service Application

Version:
1, 0, 0, 1

MD5:
9f77d6f9e6a3f6078b64dc1606a0ccc6

SHA-1:
6aa416d2f10c61eefecb61373fc61c1e57586925

SHA-256:
b02a867e6e03d804c0d9bccca284c211b8ff6cb3588fcfd09fbdd9157b2b1c65

Scanner detections:
42 / 68

Status:
Malware

Analysis date:
4/20/2024 1:34:16 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Backdoor.Fynloski.C | 995 |
| AhnLab V3 Security | Backdoor/Win32.Graybird | 14.05.15 |
| Avira AntiVirus | BDS/Backdoor.Gen | 7.11.30.172 |
| avast! | Win32:Agent-ASXK [Trj] | 2014.9-140515 |
| AVG | BackDoor.Delf | 2015.0.3473 |
| Baidu Antivirus | Backdoor.Win32.DarkKomet | 4.0.3.14515 |
| Bitdefender | Backdoor.Fynloski.C | 1.0.20.675 |
| Bkav FE | W32.OnGamesLTKVPOK.Trojan | 1.3.0.4959 |
| Clam AntiVirus | WIN.Trojan.DarkKomet | 0.98/18989 |
| Comodo Security | Backdoor.Win32.Agent.XAB | 17930 |
| Dr.Web | BackDoor.Comet.884 | 9.0.1.0135 |
| Emsisoft Anti-Malware | Backdoor.Fynloski | 8.14.05.15.01 |
| ESET NOD32 | Win32/Fynloski.AA | 8.9545 |
| Fortinet FortiGate | W32/DarkKomet.ID!tr.bdr | 5/15/2014 |
| F-Prot | W32/Downloader.C.gen | v6.4.7.1.166 |
| F-Secure | Backdoor.Fynloski.C | 11.2014-15-05_5 |
| G Data | Backdoor.Fynloski | 14.5.24 |
| IKARUS anti.virus | Trojan.Win32.CDur | t3scan.2.2.29 |
| K7 AntiVirus | Backdoor | 13.176.11451 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.3862 |
| Malwarebytes | Backdoor.Agent.DCRSAGen | v2014.05.15.01 |
| McAfee | Generic BackDoor.xa | 5600.7129 |
| Microsoft Security Essentials | Threat.Undefined | 1.173.2153.0 |
| MicroWorld eScan | Backdoor.Fynloski.C | 15.0.0.405 |
| NANO AntiVirus | Trojan.Win32.DarkKomet.cssoim | 0.28.0.58394 |
| Norman | Downloader.HJVR | 11.20140515 |
| nProtect | Trojan/W32.Agent.673280.BU | 14.03.15.01 |
| Panda Antivirus | Trj/Packed.B | 14.05.15.01 |
| Qihoo 360 Security | Malware.QVM05.Gen | 1.0.0.1015 |
| Quick Heal | Backdoor.Fynloski.A9 | 5.14.12.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.5.15.13 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12D83427!316159015 | 23.00.65.14513 |
| Sophos | Troj/Backdr-ID | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Fynloski | 10604 |
| Total Defense | Win32/Fynloski.dBUBcfD | 37.0.10818 |
| Trend Micro House Call | TROJ_AGENT_058807.TOMB | 7.2.135 |
| Trend Micro | TROJ_AGENT_058807.TOMB | 10.465.15 |
| Vba32 AntiVirus | Backdoor.DarkKomet.aagt | 3.12.24.3 |
| VIPRE Antivirus | Backdoor.Win32.Fynloski.A | 27388 |
| ViRobot | Backdoor.Win32.Agent.674304.A | 2011.4.7.4223 |
| XVirus List | Win.Detected | 2.3.31 |
| Zillya! Antivirus | Backdoor.DarkKomet.Win32.522 | 2.0.0.1789 |

File size:
658 KB (673,792 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 1999

Original file name:
MSRSAAP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/7/2012 4:59:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:q9HFJ9rJxRX1uVVjoaWSoynxdO1FVBaOiRZTERfIhNkNCCLo9Ek5C/hs:mZ1xuVVjfFoynPaVBUR8f+kN10EBe

Entry address:
0x8F888

Entry point:
55, 8B, EC, B9, 30, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, E0, E3, 48, 00, E8, 2F, 7E, F7, FF, 33, C0, 55, 68, 56, 06, 49, 00, 64, FF, 30, 64, 89, 20, 6A, 00, E8, 2A, 07, F8, FF, A1, B0, 48, 49, 00, C6, 00, 01, E8, 21, B7, FF, FF, B2, 01, A1, 80, DE, 48, 00, E8, 19, E6, FF, FF, A3, E8, C3, 49, 00, 33, D2, 55, 68, 09, FA, 48, 00, 64, FF, 32, 64, 89, 22, 8D, 4D, EC, BA, 70, 06, 49, 00, A1, E8, C3, 49, 00, E8, 68, E6, FF, FF, 8B, 55, EC, A1, 38, 4B, 49, 00, E8, 7F, 5C, F7, FF, 8D, 55, E0...
 

Entropy:
6.6170

Developed / compiled with:
Microsoft Visual C++

Code size:
573 KB (586,752 bytes)

The file windows application.exe has been seen being distributed by the following URL.
