» 653fd19623657564e1b773ac0d81961f_2582016.npb
Overview
Analysis
File Details

653fd19623657564e1b773ac0d81961f_2582016.npb

winlogon

The file 653fd19623657564e1b773ac0d81961f_2582016.npb has been detected as malware by 26 anti-virus scanners.

File name:

Product:

winlogon

Description:

File Folder

Version:

1.00

MD5:

653fd19623657564e1b773ac0d81961f

SHA-1:

7dec8f71fbc2ff94119071de76db7016bfc9be2d

SHA-256:

500cf82777bf39d65b50865d1acb318fb5e61440816375b6f97fbaa1dd25501d

Scanner detections:

26 / 68

Status:

Malware

Analysis date:

4/29/2024 4:48:42 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-Trojan/Swisyn.200704.B

2011.04.10

Avira AntiVirus

TR/Dropper.Gen

7.11.6.19

avast!

Win32:VB-QMU

2014.9-170311

AVG

Generic14

2018.0.2442

Bitdefender

Gen:Trojan.Heur.Ds3@s9t05yhib

1.0.20.350

Comodo Security

TrojWare.Win32.Agent.~JH1

8283

Dr.Web

Trojan.MulDrop2.9934

9.0.1.070

ESET NOD32

Win32/AutoRun.VB.RW

11.6029

Fortinet FortiGate

W32/Swisyn.E!tr

3/11/2017

G Data

Gen:Trojan.Heur.Ds3@s9t05yhib

17.3.22

IKARUS anti.virus

Worm.Win32.VB

t3scan.1.1.103.0

K7 AntiVirus

Trojan

13.96.4347

Kaspersky

Trojan.Win32.Swisyn

14.0.0.-1294

McAfee

W32/Autorun.worm.h

5600.6098

Microsoft Security Essentials

Worm:Win32/VB.GG

1.163.1557.0

Norman

W32/Obfuscated.H3!genr

11.20170311

Panda Antivirus

Generic Malware

17.03.11.08

Prevx

Medium Risk Malware Dropper

3.0

Quick Heal

Trojan.Swisyn.E

3.17.11.00

Rising Antivirus

Trojan.Win32.Generic.124C0348

23.00.65.17309

Sophos

Mal/Behav-789

4.64

Trend Micro House Call

TROJ_SWISYN.B

7.2.70

Trend Micro

TROJ_SWISYN.B

10.465.11

Vba32 AntiVirus

Trojan.VBO.011148

3.12.14.3

VIPRE Antivirus

Trojan.Win32.Generic

8971

ViRobot

Trojan.Win32.S.Swisyn.2582016

2011.4.9.4402

File size:

2.5 MB (2,582,016 bytes)

Product version:

1.00

Original file name:

new 2.0.exe

Language:

English (United States)

Common path:

C:\ProgramData\net protector\npbkp\653fd19623657564e1b773ac0d81961f_2582016.npb

File PE Metadata

Compilation timestamp:

11/19/2005 10:27:23 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x17B8

Entry point:

68, C0, 4E, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 25, 26, DA, E8, 45, 44, FC, 44, A9, C0, D8, 30, 51, 2E, 1C, AC, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 2D, 43, 30, 30, 30, 2D, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 30, 34, 36, 7D, 23, 32, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 08, 49, D8, CD, 06, 79, 2C, 91, 40, 80, 36, 91, FA, 53, 7A, 6D, 12, 02, 22, 50, D7, 44, 72, B7, 40, 98, 0F, FE, 45, 07, D3, 56, 8D, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Entropy:

0.7896

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

108 KB (110,592 bytes)

Remove 653fd19623657564e1b773ac0d81961f_2582016.npb - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.