home

xp3dec.old

The file xp3dec.old has been detected as malware by 11 anti-virus scanners.
MD5:
ab9ce4fade41a97fe2b51c0e04e959b2

SHA-1:
4e79450f0854fccbb3c3b41b73c0f4b7c799debe

SHA-256:
b1ce91a9d4f75ac577df387489f3233c290eb3a0919cc6857d953e7c6b7d3da5

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/26/2024 1:29:55 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-Trojan/Xema.variant
2014.10.17

Avira AntiVirus
TR/Spy.1699349
7.11.178.236

AVG
SHeur2
2016.0.3219

Bkav FE
W32.HfsReno
1.3.0.4959

IKARUS anti.virus
Trojan-Spy699349
t3scan.1.7.8.0

McAfee
Artemis!AB9CE4FADE41
5600.6875

Norman
Suspicious_Gen2.EOCWD
11.20150124

nProtect
Trojan/W32.Agent.1699349
14.10.16.01

Qihoo 360 Security
Win32/Trojan.Spy.2b0
1.0.0.1015

Rising Antivirus
PE:Trojan.Win32.Generic.137638B7!326514871
23.00.65.15122

VIPRE Antivirus
Trojan.Win32.Generic
33974

File size:
1.6 MB (1,699,349 bytes)

Common path:
C:\users\{user}\downloads\games\visual novel\swan song\xp3dec.old

File PE Metadata
Compilation timestamp:
5/31/2005 6:11:01 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:/Ng8xUfKf1EAPsuE7JBaLHwJSQZYtAyYHP7lacKyh+y9M7:C8xUfKf1EAy6wJUAyYHP7lacKyh+y9

Entry address:
0xD09E

Entry point:
55, 8B, EC, 60, BB, 9E, D0, 00, 10, 33, C9, 8A, 0D, 3D, D0, 00, 10, 85, C9, 74, 0C, B8, 13, D1, 00, 10, 2B, C3, 83, E8, 05, EB, 0E, 51, B9, 59, D1, 00, 10, 8B, C1, 2B, C3, 03, 41, 01, 59, C6, 03, E9, 89, 43, 01, 51, 68, 09, D0, 00, 10, 33, C0, 85, C9, 74, 05, 8B, 45, 08, EB, 00, 50, E8, 76, 00, 00, 00, 83, C4, 08, 59, 83, F8, 00, 74, 1C, C6, 03, C2, C6, 43, 01, 0C, 85, C9, 74, 09, 61, 5D, B8, 00, 00, 00, 00, EB, 97, 50, A1, 29, D0, 00, 10, FF, D0, 61, 5D, EB, 46, 80, 7C, 24, 08, 00, 75, 3F, 51, 8B, 4C, 24...
 
[+]

Entropy:
7.7937

Packer / compiler:
SafeDisc/SafeCast 2.xx - 3.xx

Code size:
44 KB (45,056 bytes)

Remove xp3dec.old - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.