windows sesion manager.exe

cEdit

Acksoft

The executable windows sesion manager.exe has been detected as malware by 33 anti-virus scanners. This trojan performs a number of actions that compromise a PC, including changing protected system registry values, hiding in protected operating system locations, and downloading and installing additional malware.
Publisher:
Acksoft

Product:
cEdit

Version:
1.00

MD5:
d31db1e2869dadf06d74b96e2a5e71c1

SHA-1:
d3c1673c55046cd70bd0ef5278e5d47403d58ec1

SHA-256:
89915e7712d7ddb062827da4c37cd9e7492ceb9c0f8ffb4555da719d4cf03ede

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
4/26/2024 12:20:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.96276 | 920 |
| Agnitum Outpost | Trojan.Blocker | 7.1.1 |
| Avira AntiVirus | TR/Agent.1030046.1 | 7.11.163.108 |
| avast! | Win32:Malware-gen | 2014.9-140729 |
| AVG | Generic_vb | 2015.0.3398 |
| Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.14729 |
| Bitdefender | Gen:Variant.Zusy.96276 | 1.0.20.1050 |
| Comodo Security | UnclassifiedMalware | 18744 |
| Dr.Web | Trojan.Siggen6.19503 | 9.0.1.0210 |
| Emsisoft Anti-Malware | Gen:Variant.Zusy.96276 | 8.14.07.29.09 |
| ESET NOD32 | Win32/Injector.BEUV (variant) | 8.10138 |
| Fortinet FortiGate | W32/Blocker.ETEY!tr | 7/29/2014 |
| F-Secure | Gen:Variant.Zusy.96276 | 11.2014-29-07_3 |
| G Data | Gen:Variant.Zusy.96276 | 14.7.24 |
| IKARUS anti.virus | Trojan.Win32.IRCBot | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.181.12806 |
| Kaspersky | Trojan-Ransom.Win32.Blocker | 14.0.0.3486 |
| Malwarebytes | Trojan.Ransom | v2014.07.29.09 |
| McAfee | Artemis!0DD3C6990D60 | 5600.7054 |
| Microsoft Security Essentials | Trojan:Win32/Malagent!gmb | 1.10802 |
| MicroWorld eScan | Gen:Variant.Zusy.96276 | 15.0.0.630 |
| NANO AntiVirus | Trojan.Win32.Blocker.dbeifl | 0.28.0.60577 |
| Norman | Suspicious_Gen4.GOMPD | 11.20140729 |
| nProtect | Trojan.GenericKD.1721542 | 14.07.02.01 |
| Panda Antivirus | Trj/CI.A | 14.07.29.09 |
| Qihoo 360 Security | Win32/Trojan.Ransom.963 | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.VBInject!1.64FE | 23.00.65.14727 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0DGM14 | 7.2.210 |
| Trend Micro | TROJ_GEN.R0CBC0DGM14 | 10.465.29 |
| Vba32 AntiVirus | Hoax.Blocker | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31506 |
| Zillya! Antivirus | Trojan.Blocker.Win32.18516 | 2.0.0.1844 |

File size:
1006 KB (1,030,172 bytes)

Product version:
1.00

Original file name:
cEdit.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\windows sesion manager.exe

File PE Metadata
Compilation timestamp:
5/23/2014 2:36:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:QZMkeU46hnRlLmZk6JTNYbHR5Pf2xO96ayyc:mMkE6hTqk2iLGxU6ayyc

Entry address:
0x3078

Entry point:
68, 64, 59, 40, 00, E8, EE, FF, FF, FF, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, DD, 63, 96, AF, F4, 02, 05, 44, 86, 60, EF, 7C, 34, 39, EE, 3B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 7A, 7A, 5E, C3, 5E, C3, 63, 45, 64, 69, 74, 00, 07, EC, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 0E, 00, 00, 00, B8, 47, 8F, 06, 09, 31, 63, 4A, 8D, 06, 89, 69, 86, 57, F7, 4A, 01, 00, 00, 00, 98, 00, 00, 00, A8, 00, 00, 00, 01, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
236 KB (241,664 bytes)
