windows32.exe

The executable windows32.exe has been detected as malware by 30 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘724f20c0f1fdd8c4c01b40f4e3534c2b’. This backdoor trojan may be used to conduct distributed denial of service attacks, to install additional trojans or other malicious software, and to steal sensitive information.
MD5:
cf484dd4bbb757d60977e3c5c0c71d92

SHA-1:
8fc4e0ad1f53ae92a19484fda5dc82af3a8b8179

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
5/7/2024 10:21:05 PM UTC

Scan engine                   | Detection                              | Engine version
------------------------------+----------------------------------------+---------------
Lavasoft Ad-Aware             | Gen:Variant.Zusy.67707                 | 354
Avira AntiVirus               | TR/ATRAPS.Gen                          | 8.3.2.4
Arcabit                       | Trojan.Zusy.D1087B                     | 1.0.0.629
avast!                        | MSIL:Agent-CTT [Trj]                   | 2014.9-160215
AVG                           | PSW.ILUSpy                             | 2017.0.2832
Bitdefender                   | Gen:Variant.Zusy.67707                 | 1.0.20.230
Clam AntiVirus                | Win.Backdoor.Bladabindi-1              | 0.98/21511
Comodo Security               | TrojWare.MSIL.Bladabindi.KX            | 23796
Dr.Web                        | Trojan.DownLoader10.19759              | 9.0.1.046
Emsisoft Anti-Malware         | Gen:Variant.Zusy.67707                 | 8.16.02.15.07
ESET NOD32                    | MSIL/Bladabindi.AS (variant)           | 10.12751
Fortinet FortiGate            | MSIL/Agent.PPV!tr                      | 2/15/2016
F-Prot                        | W32/MSIL_Bladabindi.L.gen              | v6.4.7.1.166
F-Secure                      | Gen:Variant.Zusy.67707                 | 11.2016-15-02_2
G Data                        | Gen:Variant.Zusy.67707                 | 16.2.25
IKARUS anti.virus             | Trojan.MSIL.Bladabindi                 | t3scan.1.9.5.0
K7 AntiVirus                  | Trojan                                 | 13.212.18161
Kaspersky                     | HEUR:Trojan.Win32.Generic              | 14.0.0.656
Malwarebytes                  | Trojan.Agent.MSIL                      | v2016.02.15.07
McAfee                        | BackDoor-NJRat!CF484DD4BBB7            | 5600.6488
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AJ            | 1.1.12400.0
MicroWorld eScan              | Gen:Variant.Zusy.67707                 | 17.0.0.138
NANO AntiVirus                | Trojan.Win32.DownLoader10.ctopxm       | 1.0.10.5081
Panda Antivirus               | Trj/GdSda.A                            | 16.02.15.07
Quick Heal                    | Backdoor.Bladabindi.AL3                | 2.16.14.00
Rising Antivirus              | PE:Backdoor.MSIL.Bladabindi!1.9E49 [F] | 23.00.65.16213
Sophos                        | Mal/Bbindi-C                           | 4.98
Trend Micro House Call        | BKDR_BLADABI.SMC                       | 7.2.46
Trend Micro                   | BKDR_BLADABI.SMC                       | 10.465.15
VIPRE Antivirus               | Backdoor.MSIL.Bladabindi.a             | 45948

File size:
159.5 KB (163,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\windows32.exe

File PE Metadata
Compilation timestamp:
9/19/2015 12:56:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:9AF4WISJ5xb0ohHzrI3UVIV7L1aTOFoO/6+h3Iw:2FL55xb0ohTrOUVo7L1/VPh3P

Entry address:
0x893E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
4.4057

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
26.5 KB (27,136 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
724f20c0f1fdd8c4c01b40f4e3534c2b

Command:
"C:\Documents and Settings\{user}\Local settings\temp\windows32.exe"..
Remove windows32.exe - Powered by Reason Core Security