» wire_bank_doc.pdf.scr
Overview
Analysis
File Details

wire_bank_doc.pdf.scr

Avant Force

The file wire_bank_doc.pdf.scr has been detected as malware by 17 anti-virus scanners.

File name:

Publisher:

Anubis AV Checker (signed by Avant Force)

Product:

Anubis AV Checker

Version:

1.0.3.15

MD5:

1b5d383a935da4d732c178d420eac6e2

SHA-1:

6440c6ac002b03788a9b00c07784ce571c5a340e

SHA-256:

50ed293b83e913efcab07f09b65a42dabb18978ff5b5d0b9a5fbc266e4ae2c2f

Scanner detections:

17 / 68

Status:

Malware

Analysis date:

12/19/2025 4:39:11 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.MSIL.Lynx.49

-31

AhnLab V3 Security

Trojan/Win32.Farfli

2016.05.07

Avira AntiVirus

TR/Dropper.MSIL.mqqa

8.3.3.4

Arcabit

Trojan.MSIL.Lynx.49

1.0.0.672

avast!

Win32:Malware-gen

2014.9-170306

Baidu Antivirus

Win32.Trojan.WisdomEyes.151026.9950

4.0.3.1736

Bitdefender

Gen:Variant.MSIL.Lynx.49

1.0.20.325

Emsisoft Anti-Malware

Gen:Variant.Razy.44712

8.17.03.06.12

ESET NOD32

MSIL/Kryptik.FXQ (variant)

11.13451

Fortinet FortiGate

MSIL/Injector.OVM!tr

3/6/2017

F-Secure

Gen:Variant.Razy.44712

11.2017-06-03_2

G Data

Gen:Variant.MSIL.Lynx.49

17.3.25

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.-1268

McAfee

Trojan-FIKK!1B5D383A935D

5600.6103

MicroWorld eScan

Gen:Variant.MSIL.Lynx.49

18.0.0.195

Sophos

Mal/Generic-S

4.98

VIPRE Antivirus

Trojan.Win32.Generic

49198

File size:

668.7 KB (684,792 bytes)

Product version:

1.0.3.15

Anubis AV Checker 2016

Original file name:

FOLOG.scr

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\wire_bank_doc.pdf.scr

Digital Signature

Signed by:

Avant Force

Authority:

VeriSign, Inc.

Valid from:

6/18/2014 4:30:00 AM

Valid to:

8/17/2017 4:29:59 AM

Subject:

CN=Avant Force, OU=IT, O=Avant Force, L=Beijing, S=Beijing, C=CN

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

632B942C1CB2283388E8D6E9212D0AC7

File PE Metadata

Compilation timestamp:

4/27/2016 5:36:32 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0x7846E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.7094

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

473.5 KB (484,864 bytes)

Remove wire_bank_doc.pdf.scr - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.