winrsnbc.exe

DivX Player

The executable winrsnbc.exe has been detected as malware by 22 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘MicrosoftCFGDriver’.
Product:
DivX Player

Version:
0.00

MD5:
22ad083d89246b61ff1102aaf77c4bd0

SHA-1:
df0d92d47b016c95232ee6e1f0370a1f37ca89d8

SHA-256:
a9462ef5cbb316868ba769a244ad56b46c22806cfb14ff36121295f447a952f0

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/27/2024 4:21:45 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.VBKrypt | 2012.05.23 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| avast! | Win32:Malware-gen | 2014.9-170316 |
| AVG | Generic21 | 2018.0.2438 |
| Bitdefender | Trojan.Generic.5719629 | 1.0.20.375 |
| Dr.Web | Trojan.MulDrop3.19959 | 9.0.1.075 |
| Emsisoft Anti-Malware | Gen.Variant.Kazy!IK | 8.17.03.16.10 |
| ESET NOD32 | Win32/Injector.KYX (variant) | 11.7159 |
| Fortinet FortiGate | W32/VBInjector.W!tr | 3/16/2017 |
| F-Secure | Trojan.Generic.5719629 | 11.2017-16-03_5 |
| G Data | Trojan.Generic.5719629 | 17.3.22 |
| IKARUS anti.virus | Gen.Variant.Kazy | t3scan.1.1.118.0 |
| Kaspersky | Trojan.Win32.VBKrypt | 14.0.0.-1317 |
| McAfee | Artemis!22AD083D8924 | 5600.6094 |
| Microsoft Security Essentials | Trojan:Win32/Remhead | 1.163.1557.0 |
| Norman | W32/Troj_Generic.AYSVZ | 11.20170316 |
| nProtect | Trojan.Generic.5719629 | 12.05.22.01 |
| Panda Antivirus | Trj/CI.A | 17.03.16.10 |
| Sophos | Mal/VBCheMan-A | 4.77 |
| Vba32 AntiVirus | Trojan.VB.Schmidti | 3.12.16.4 |
| VIPRE Antivirus | LooksLike.Win32.Malware!h | 11950 |
| ViRobot | Trojan.Win32.A.VBKrypt.73728.AW | 2011.4.7.4223 |

File size:
112 KB (114,688 bytes)

Product version:
0.00

Copyright:
Copyright DivX, Inc. 2003-2010

Original file name:
VfDjNcJQiqg.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\public\msj-driver-4532-56324-6224\winrsnbc.exe

File PE Metadata
Compilation timestamp:
1/2/2011 7:10:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1758

Entry point:
68, E8, 1A, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, E7, F1, 33, D0, 06, 31, 3C, 4B, 87, 67, 53, 23, A1, 46, 0C, 37, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 8E, 57, 01, 44, 69, 76, 58, 50, 6C, 61, 79, 65, 72, 65, 78, 65, 00, 41, 00, 00, 00, 00, 00, FF, CC, 31, 00, 00, BF, CA, 6D, 81, 16, FA, A2, 41, 88, BB, 7D, B0, AE, 71, AA, D7, 31, 66, A7, FB, C5, 1C, 38, 4A, A5, FB, 93, 5C, 93, DB, F9, 78, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
48 KB (49,152 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MicrosoftCFGDriver

Command:
C:\users\public\msj-driver-4532-56324-6224\winrsnbc.exe

