» winmgr.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

winmgr.exe

Qt Designer

Digia Plc and/or its subsidiary(-ies)

The application winmgr.exe has been detected as a potentially unwanted program by 31 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from evaporez.com.

File name:

winmgr.exe

Publisher:

Digia Plc and/or its subsidiary(-ies)

Product:

Qt Designer

Version:

1.0.0.0

MD5:

78ea999bc52a613d58d9d89095326257

SHA-1:

496d74514243a29e5483630cbd2a8246691d7434

SHA-256:

16792f3ad7b4a8cbd6da45ae6d39256b1e68f95db9b5568fd4c2f434fe254971

Scanner detections:

31 / 68

Status:

Potentially unwanted

Analysis date:

5/2/2024 1:33:04 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2856080

353

Agnitum Outpost

Trojan.Agent

7.1.1

AhnLab V3 Security

Trojan/Win32.Limitail

2015.11.26

avast!

Win32:Malware-gen

2014.9-160216

AVG

Inject3

2017.0.2831

Baidu Antivirus

Trojan.Win32.Injector

4.0.3.16216

Bitdefender

Trojan.GenericKD.2856080

1.0.20.235

Bkav FE

W32.PiscarttoLTAG.Trojan

1.3.0.7383

Comodo Security

UnclassifiedMalware

23656

Dr.Web

Trojan.Inject2.8376

9.0.1.047

Emsisoft Anti-Malware

Trojan.GenericKD.2856080

8.16.02.16.01

ESET NOD32

Win32/Injector.CMAR (variant)

10.12625

Fortinet FortiGate

W32/Agent.NETDRM!tr

2/16/2016

F-Secure

Trojan.GenericKD.2856080

11.2016-16-02_3

G Data

Trojan.GenericKD.2856080

16.2.25

IKARUS anti.virus

Trojan.Win32.Injector

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.212.17972

Kaspersky

Trojan.Win32.Agent.netdrm

14.0.0.652

McAfee

Artemis!78EA999BC52A

5600.6487

Microsoft Security Essentials

Trojan:Win32/Dynamer!ac

1.1.12300.0

MicroWorld eScan

Trojan.GenericKD.2856080

17.0.0.141

NANO AntiVirus

Trojan.Win32.Agent.dyoyju

0.30.26.4751

nProtect

Trojan.GenericKD.2856080

15.11.25.01

Panda Antivirus

Trj/CI.A

16.02.16.01

Qihoo 360 Security

HEUR/QVM05.1.Malware.Gen

1.0.0.1077

Quick Heal

Trojan.Agen.r8

2.16.14.00

Sophos

Mal/Generic-S

4.98

Trend Micro

TROJ_GEN.R02SC0EKE15

10.465.16

VIPRE Antivirus

Trojan.Win32.Generic

45426

ViRobot

Trojan.Win32.Z.Agent.840704.F[h]

2014.3.20.0

Zillya! Antivirus

Adware.Eorezo.Win32.17747

2.0.0.2527

File size:

821 KB (840,704 bytes)

Product version:

1.0.0.0

Original file name:

designer.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\m-50346504587908547906802850\winmgr.exe

File PE Metadata

Compilation timestamp:

1/16/2015 11:35:44 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:M7rZOtEIF003qWoVoyfCwksOC/8tQrrNPzN+Sei1niG6vheKRtowvq5HL4S1ulx4:AZXo1qW4oZ89JvNPjeMniG6vheQ34

Entry address:

0xA881C

Entry point:

55, 8B, EC, 83, C4, F0, B8, 0C, 86, 4A, 00, E8, F4, E1, F5, FF, A1, 88, 04, 4B, 00, 8B, 00, E8, 38, DB, FA, FF, 8B, 0D, FC, 05, 4B, 00, A1, 88, 04, 4B, 00, 8B, 00, 8B, 15, 6C, 7D, 4A, 00, E8, 38, DB, FA, FF, A1, 88, 04, 4B, 00, 8B, 00, E8, AC, DB, FA, FF, E8, 47, BB, F5, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

670.5 KB (686,592 bytes)

Windows Firewall Allowed Program

Name:

C:\Windows\M-50346504587908547906802850\winmgr.exe

The file winmgr.exe has been seen being distributed by the following URL.

http://evaporez.com/ttt.exe

Remove winmgr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.