eDonkey2000.EXE

eDonkey2000 Application

The executable eDonkey2000.EXE has been detected as malware by 10 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘eDonkey2000’.
Product:
eDonkey2000 Application

Version:
1, 0, 0, 1

MD5:
5f1b3f534f5daa611ba4aeed4e30f7e1

SHA-1:
ea74fb2369181448b80bf01f883480dbff5d2592

SHA-256:
bda721faed9acfd6cbf7865984e44c9ebfade6a54b2515e1acc77bfcd3cfa991

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/30/2024 4:01:47 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Dropper.Gen | 7.9.1.160 |
| Emsisoft A-Squared | Backdoor.Win32.Blarul.B!IK | 4.5.0.50 |
| avast! | Win32:Malware-gen | 2014.9-170305 |
| Bitdefender | DeepScan:Generic.PWStealer.E34A8E3F | 1.0.20.320 |
| G Data | DeepScan:Generic.PWStealer.E34A8E3F | 17.3.19 |
| IKARUS anti.virus | Backdoor.Win32.Blarul.B | t3scan.1.1.80.0 |
| Microsoft Security Essentials | Backdoor:Win32/Blarul | 1.163.1557.0 |
| Quick Heal | Trojan.Agent.ATV | 3.17.10.00 |
| Rising Antivirus | Backdoor.Win32.Small.xfq | 23.00.65.17303 |
| Vba32 AntiVirus | Backdoor.Win32.Blarul.b | 3.12.12.2 |

File size:
520 KB (532,441 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C) 2002

Original file name:
eDonkey2000.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\edonkey2000\edonkey2000.exe

File PE Metadata
Compilation timestamp:
5/19/2003 9:34:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x18F0

Entry point:
B8, EF, BE, AD, DE, 50, 6A, 00, FF, 15, 10, 19, 40, 00, E9, AD, FF, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, CA, 0C, 00, 00, 3E, 0D, 00, 00, 56, 0C, 00, 00, 64, 0C, 00, 00, 76, 0C, 00, 00, 86, 0C, 00, 00, 96, 0C, 00, 00, A8, 0C, 00, 00, BA, 0C, 00, 00, DE, 0C, 00, 00, EE, 0C, 00, 00, FC, 0C, 00, 00, 0E, 0D, 00, 00, 1A, 0D, 00, 00, 28, 0D, 00, 00, 00, 00, 00, 00, 3C, 0C, 00, 00, 00, 00, 00, 00, D4, 19, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, EA, 19, 00, 00, 50, 19, 00, 00, 94, 19, 00, 00...
 

Entropy:
7.9529

Packer / compiler:
Thinstall

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
eDonkey2000

Command:
C:\Program Files\edonkey2000\edonkey2000.exe -t

