10985559.exe

foobar2000

Peter Pawlowski

The executable 10985559.exe, “foobar2001 shell extension”, has been detected as malware by 28 anti-virus scanners.

Publisher: Peter Pawlowski
Product: foobar2000
Description: foobar2001 shell extension
Version: 1.0.0.7
MD5: 105a157778f377b7d38305a1a9c0f91b
SHA-1: c6d0c093b11ecd4669a4bd24a0738c0edbc69569
SHA-256: 074fdf7a2144afb2bbd98775c610a82ca1c75f79b957a87f5bf8d316ac710a28
Scanner detections: 28 / 68
Status: Malware
Analysis date: 5/5/2024 8:07:55 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.243358 | -40
Agnitum Outpost | Trojan.Necurs | 7.1.1
AhnLab V3 Security | Dropper/Win32.Necurs | 2013.12.04
Avira AntiVirus | TR/Necurs.A.270 | 7.11.117.174
avast! | Win32:Malware-gen | 2014.9-170315
AVG | Crypt2 | 2018.0.2438
Baidu Antivirus | Trojan.Win32.Necurs | 4.0.3.17315
Bitdefender | Gen:Variant.Kazy.243358 | 1.0.20.370
Comodo Security | UnclassifiedMalware | 17381
Emsisoft Anti-Malware | Gen:Variant.Kazy.243358 | 8.17.03.15.01
ESET NOD32 | Win32/Kryptik.BJXS (variant) | 11.9127
Fortinet FortiGate | W32/Necurs.AU!tr | 3/15/2017
G Data | Gen:Variant.Kazy.243358 | 17.3.22
IKARUS anti.virus | Trojan.Win32.Necurs | t3scan.2.2.29
Kaspersky | Trojan-Dropper.Win32.Necurs | 14.0.0.-1313
Malwarebytes | Trojan.Agent | v2017.03.15.01
McAfee | RDN/Generic.dx!cqn | 5600.6094
Microsoft Security Essentials | Trojan:Win32/Necurs.gen!A | 1.163.1557.0
MicroWorld eScan | Gen:Variant.Kazy.243358 | 18.0.0.222
Norman | Necurs.AF | 11.20170315
Panda Antivirus | Generic Malware | 17.03.15.01
Quick Heal | Trojan.Necurs | 3.17.12.00
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.17313
Sophos | Troj/Necurs-AU | 4.95
Trend Micro House Call | TROJ_GEN.R01TC0DJ413 | 7.2.74
Trend Micro | TROJ_GEN.R01TC0DJ413 | 10.465.15
Vba32 AntiVirus | SScope.Malware-Cryptor.01499 | 3.12.24.3
VIPRE Antivirus | Trojan.Win32.Kryptik.y | 23994

File size: 66.5 KB (68,096 bytes)
Product version: 0.9.7
Copyright: (c) Peter Pawlowski. All rights reserved.
Original file name: Fb2kShellExt.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\10985559.exe

File PE Metadata

Compilation timestamp: 9/7/2013 10:21:20 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 7.10
Entry address: 0x8B2E

Entry point:
68, F5, 3A, 40, 00, 41, C3, 14, 65, 65, 81, C7, BC, 00, E8, 00, 5E, 65, FF, 39, 50, A6, 28, 45, 40, 00, 4F, C0, FF, 00, 00, 00, 41, 40, D7, 81, 74, 01, 01, 00, F6, 78, 70, 5F, FF, 75, CD, FD, 00, 00, F8, 0C, 61, 00, 8B, 00, 48, B8, 50, 75, 72, CA, 00, BE, 85, 90, 50, 00, E9, 04, FF, 00, 89, FF, 3D, 84, CC, FF, 8B, 00, 45, 57, 00, 81, 70, 00, 00, 00, 08, 65, 00, 15, EC, 00, EC, FF, FF, 44, E8, EC, 7E, 00, 75, 65, 72, 68, 0F, 23, 6E, 00, 79, CC, E2, 75, 1E, 1A, 74, FF, 00, 00, AE, FF, 4E, 00, 00, C4, 39, FF...
 
Code size: 42.5 KB (43,520 bytes)
