213453645.exe

Zlkh9BILquRJ9

RjigZwDFnrKEZ

The executable 213453645.exe has been detected as malware by 20 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘1904333c7153fc42507f36d32455d604’.
Publisher:
RjigZwDFnrKEZ

Product:
Zlkh9BILquRJ9

Description:
RjigZwDFnrKEZ

Version:
4.1.5.?0

MD5:
e93847aea48453a55c3e2e1478e92d3b

SHA-1:
fd3dacd1964f8aa933143d47326caaf3b0d0cf5d

SHA-256:
a3c2e3c0831b4830d878ea9e889eec786dc14f8a79e88541402362f58902e616

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/28/2024 5:46:19 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Razy.120899 | -40 |
| AegisLab AV Signature | Troj.W32.Gen.m2EN | 2.1.4+ |
| AhnLab V3 Security | Trojan/Win32.Agent.R133712 | 3.8.3.16 |
| Avira AntiVirus | TR/Dropper.Gen | 8.3.3.4 |
| Arcabit | Trojan.Razy.D1D843 | 1.0.0.795 |
| avast! | MSIL:GenMalicious-EJ [Trj] | 2014.9-170316 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.17316 |
| Bitdefender | Gen:Variant.Razy.120899 | 1.0.20.375 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.120899 | 8.17.03.16.02 |
| ESET NOD32 | MSIL/Injector.CER (variant) | 11.14996 |
| Fortinet FortiGate | MSIL/Generic.AP.274570!tr | 3/16/2017 |
| F-Secure | Packed:MSIL/SmartIL.A | 11.2017-16-03_5 |
| G Data | Gen:Variant.Razy.120899 | 17.3.25 |
| IKARUS anti.virus | Trojan.Agent | 0.2.1.2 |
| K7 AntiVirus | Trojan | 13.10.2.22542 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1315 |
| Malwarebytes | Trojan.Agent.MSIL | v2017.03.16.02 |
| McAfee | Trojan-FDWX!E93847AEA484 | 5600.6094 |
| MicroWorld eScan | Gen:Variant.Razy.120899 | 18.0.0.225 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |

File size:
42.5 KB (43,520 bytes)

Product version:
4.1.5.?0

Copyright:
RjigZwDFnrKEZ

Trademarks:
Zlkh9BILquRJ9

Original file name:
pics.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\213453645.exe

File PE Metadata
Compilation timestamp:
2/25/2017 8:07:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xB46E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.3761

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
37.5 KB (38,400 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
1904333c7153fc42507f36d32455d604

Command:
"C:\users\{user}\appdata\local\temp\213453645.exe"..

