xxh17.exe

Trojan Remover

NGO

The executable xxh17.exe has been detected as malware by 35 anti-virus scanners.
Publisher:
Simply Super Software  (signed by NGO)

Product:
Trojan Remover

Version:
6.8.6.2617

MD5:
fc9a4ea751568c3dc683b488b36ad130

SHA-1:
dd825cbe707b54a6848d5805677a316dc61c84a2

Scanner detections:
35 / 68

Status:
Malware

Analysis date:
5/8/2024 3:01:30 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKDV.1025709 | 1000
Agnitum Outpost | Trojan.FakeAV | 7.1.1
AVG | Win32/Heur | 2015.0.3478
Baidu Antivirus | Trojan.Win32.FakeAV | 4.0.3.14511
Bitdefender | Trojan.GenericKDV.1025709 | 1.0.20.655
Bkav FE | W32.Clod22e.Trojan | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 18000
Dr.Web | Trojan.Fakealert.39145 | 9.0.1.0131
Emsisoft Anti-Malware | Trojan.GenericKDV.1025709 | 8.14.05.11.11
Fortinet FortiGate | W32/FakeAV.RMUM!tr | 5/11/2014
F-Secure | Trojan.GenericKDV.1025709 | 11.2014-11-05_1
G Data | Trojan.GenericKDV.1025709 | 14.5.24
IKARUS anti.virus | Virus.Win32.Heur | t3scan.2.2.29
K7 AntiVirus | Trojan | 13.176.11566
Kaspersky | Trojan.Win32.FakeAV | 14.0.0.3883
McAfee | Artemis!FC9A4EA75156 | 5600.7134
MicroWorld eScan | Trojan.GenericKDV.1025709 | 15.0.0.393
NANO AntiVirus | Trojan.Win32.FakeAV.cscnth | 0.28.0.58720
Norman | Troj_Generic.LTURO | 11.20140511
nProtect | Trojan.GenericKDV.1025709 | 14.03.27.01
Panda Antivirus | Trj/Genetic.gen | 14.05.11.11
Quick Heal | Trojan.FakeAV.rmum | 5.14.12.00
Rising Antivirus | PE:Trojan.Win32.Generic.1578C5F5!360236533 | 23.00.65.14509
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R0CBC0ELK13 | 7.2.131
Trend Micro | TROJ_GEN.R0CBC0ELK13 | 10.465.11
Vba32 AntiVirus | Trojan.FakeAV | 3.12.24.3
VIPRE Antivirus | Trojan.Win32.Generic | 27772
ViRobot | Trojan.Win32.A.FakeAV.4955384 | 2011.4.7.4223

File size:
4.7 MB (4,955,384 bytes)

Product version:
6.8.6

Copyright:
© 1999-2013 Simply Super Software

Original file name:
RMVTRJAN.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Documents and Settings\{user}\Application data\simply super software\trojan remover\xxh17.exe

Digital Signature
Signed by:

Authority:
NGO

Valid from:
5/12/2013 3:16:00 AM

Valid to:
1/1/2040 1:59:00 AM

Subject:
CN=NGO

Issuer:
CN=NGO

Serial number:
7C35110EECCF05834FCD1D1AE6450AD4

File PE Metadata
Compilation timestamp:
9/10/1987 9:27:18 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
83.82

CTPH (ssdeep):
49152:QyQFj1mZzQSgS3lf2ub4C4qLzu9orxOrYsRreMm3/BghlZCh:e1uzXB3hn4d8u9orFsFNlIh

Entry address:
0xC9A001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, A0, C9, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
Packer / compiler:
ASPack v2.12

Code size:
704 KB (720,896 bytes)

Remove xxh17.exe - Powered by Reason Core Security