8iyqbsp1.exe

The executable 8iyqbsp1.exe has been detected as malware by 24 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘coolsos’.
MD5:
dbbb24ab1ceecb08573d47420e51517d

SHA-1:
0a7775d746168138705f6ef27a5ce45668104f82

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
4/30/2024 5:57:51 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-Trojan/Vaklik.131210 | 5.0. |
| Avira AntiVirus | TR/Crypt.ZPACK.Gen | 8.2.1.224 |
| Emsisoft A-Squared | Worm.Win32.Taterf!IK | 4.5.0.50 |
| avast! | Win32:Soolo | 2014.9-170307 |
| AVG | SHeur2 | 2018.0.2446 |
| Bitdefender | Trojan.Generic.2634351 | 1.0.20.330 |
| Comodo Security | TrojWare.Win32.Trojan.Agent.Gen | 4693 |
| ESET NOD32 | Win32/Pacex.Gen (variant) | 11.5066 |
| Fortinet FortiGate | Malware_fam.A | 3/7/2017 |
| F-Prot | W32/Taterf.A!Generic | v6.4.5.1.85 |
| F-Secure | Trojan.Generic.2634351 | 11.2017-07-03_3 |
| G Data | Trojan.Generic.2634351 | 17.3.21 |
| IKARUS anti.virus | Worm.Win32.Taterf | t3scan.1.1.80.0 |
| Kaspersky | Trojan.Win32.Vaklik | 14.0.0.-1273 |
| McAfee | Generic Dropper!bgw | 5600.6102 |
| Microsoft Security Essentials | Worm:Win32/Taterf.B | 1.163.1557.0 |
| nProtect | Trojan.Generic.2634351 | 10.04.27.01 |
| Panda Antivirus | W32/Lineage.LEC | 17.03.07.12 |
| Prevx | Medium Risk Malware | 3.0 |
| Quick Heal | Trojan.Vaklik.gkv | 3.17.10.00 |
| Rising Antivirus | Packer.Win32.Agent.bq | 23.00.65.17305 |
| Sophos | Mal/Taterf-B | 4.53 |
| Trend Micro | TROJ_MEREDROP.SX | 10.465.07 |
| Vba32 AntiVirus | Trojan-PSW.Win32.OnlineGames.3 | 3.12.12.4 |

File size:
128.1 KB (131,210 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
11/1/2009 9:37:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
24.7

Entry address:
0x1036

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, BA, 4A, 44, 00, 8B, F0, 8A, 00, 3C, 22, EB, 2D, 46, 8A, 06, 84, C0, 74, 04, 3C, 22, 75, F5, 80, 3E, 22, 75, 0D, 46, EB, 0A, 3C, 20, 7E, 06, 46, 80, 3E, 20, 7F, FA, 80, 3E, 00, 74, 0B, 80, 3E, 20, 7F, 06, 46, 80, 3E, 00, 75, F5, A1, BE, 4A, 44, 00, 66, 2D, 70, 2B, 75, 01, CC, C7, 45, E8, 00, 00, 00, 00, 8D, 4D, BC, 51, FF, 15, BE, 4A, 44, 00, F6, 45, E8, 01, B8, 0A, 00, 00, 00, 74, 04, 0F, B7, 45, EC, 50, 56, 6A, 00, 6A, 00, FF, 15, 96, 4A, 44, 00, 50, E8, 73, 38, 04, 00...

Entropy:
7.7209

Developed / compiled with:
Microsoft Visual C++

Code size:
4 KB (4,096 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
coolsos

Command:
C:\Windows\System32\aqoeerw.exe

