fnavlggh.exe

IR_SERVER

Altekcorp

The executable fnavlggh.exe has been detected as malware by 32 anti-virus scanners.
Publisher:
Altekcorp

Product:
IR_SERVER

Version:
1, 1, 1202, 2008

MD5:
4d979988d4bab9e02c9617f3d16f9698

SHA-1:
ea54dbff884d84dbd5b77a5d0e10cb6b0325ef57

SHA-256:
a426989f846677ee8f125ea383925ed5c8e3de7ead53d358ba5aaafc0607e731

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
4/28/2024 10:28:16 PM UTC

Scan engine                    Detection                   Engine version
Lavasoft Ad-Aware              Gen:Heur.PIF.10             419
Agnitum Outpost                Trojan.Midhos               7.1.1
AhnLab V3 Security             Trojan/Win32.Medfos         15.12.13
Avira AntiVirus                TR/Crypt.XPACK.Gen8         7.11.151.204
avast!                         Win32:Malware-gen           2014.9-151213
AVG                            Win32/Cryptor               2016.0.2897
Baidu Antivirus                Trojan.Win32.Medfos         4.0.3.151213
Bitdefender                    Gen:Heur.PIF.10             1.0.20.1735
Comodo Security                UnclassifiedMalware         18347
Dr.Web                         Trojan.Inject               9.0.1.0347
Emsisoft Anti-Malware          Gen:Heur.PIF.10             8.15.12.13.07
ESET NOD32                     Win32/Medfos.TT (variant)   9.9857
Fortinet FortiGate             W32/Medfos.IOE              12/13/2015
F-Secure                       Gen:Heur.PIF.10             11.2015-13-12_1
G Data                         Gen:Heur.PIF.10             15.12.24
IKARUS anti.virus              Virus.Win32.Cryptor         t3scan.1.6.1.0
K7 AntiVirus                   Riskware                    13.178.12212
Kaspersky                      Trojan.Win32.Midhos         14.0.0.978
Malwarebytes                   Trojan.Medfos.V1Gen         v2015.12.13.07
McAfee                         Medfos-FAB!4D979988D4BA     5600.6553
Microsoft Security Essentials  Trojan:Win32/Medfos.AF      1.10600
MicroWorld eScan               Gen:Heur.PIF.10             16.0.0.1041
NANO AntiVirus                 Trojan.Win32.Inject.cwjfke  0.28.0.59921
Norman                         Medfos.API                  11.20151213
Panda Antivirus                Trj/Genetic.gen             15.12.13.07
Qihoo 360 Security             Malware.QVM20.Gen           1.0.0.1015
Sophos                         Mal/Medfos-K                4.98
Trend Micro House Call         TROJ_MEDFOS.CSK             7.2.347
Trend Micro                    TROJ_MEDFOS.CSK             10.465.13
Vba32 AntiVirus                SScope.Trojan.Midhos.2513   3.12.26.0
VIPRE Antivirus                Trojan.Win32.Medfos.ioe     29680
Zillya! Antivirus              Trojan.Midhos.Win32.12970   2.0.0.1803

File size:
200.5 KB (205,312 bytes)

Product version:
1, 1, 1202, 2008

Copyright:
Altekcorp (C) 2007

Original file name:
IR_SERVER.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\fnavlggh.exe

File PE Metadata
Compilation timestamp:
8/8/2012 1:53:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:dBJAv91rokfREqlcMh3pkUB+aN18ngOgISZ5ly10DrVdFvjac8:HgbfRkMhZlBT7OgIalu0DrzF7a

Entry point RVA (AddressOfEntryPoint):
0x35F1

First bytes at the entry point:
6A, 00, E8, 6F, 00, 00, 00, A3, 03, 97, 40, 00, FF, 15, 00, 50, 42, 00, E8, AB, 9D, 01, 00, 8B, F0, 56, 6A, FC, 53, FF, 15, 60, 50, 42, 00, 3B, C6, 74, FE, 8B, 4D, 0C, 89, 01, 8B, 75, FC, 83, 66, 14, 00, 6A, FC, 53, FF, 15, 8C, 50, 42, 00, 85, C0, 89, 45, 08, 74, D9, 2B, DF, 0F, 84, F2, A8, 00, 00, 8B, C3, 33, D2, F7, 76, 1C, 8B, FB, 2B, FA, 83, 65, F8, 00, 89, 7D, FC, 8B, 4E, 20, FF, 75, FC, 8B, 01, FF, 75, 08, FF, 50, 34, 01, 45, 08, 01, 45, F8, 29, 45, FC, 85, C0, 55, 8B, EC, 81, EC, 70, 00, 00, 00, 0B...

Entropy:
6.2213

Packer / compiler:
TASM / MASM

Code size:
141 KB (144,384 bytes)
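The hashes, file size, entropy and PE header fields listed above are what a responder checks a file found at the reported path against. The following script is an added example, not part of this report and not Reason Core Security's tooling: using only the Python standard library it recomputes those indicators from a file and compares them with the values on this page. The built-in sample is a constructed minimal PE32 header that carries the same header values (compile time, linker version, OS version, subsystem, entry RVA, code size); it is not the malware itself, so its hashes, size and entropy will of course differ. The compile time is assumed to be UTC, which the report does not state.

```python
"""Offline triage of a suspect PE against the indicators in the report above.

Added example, not part of the original report. Standard library only.
"""
import calendar
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the report above.
REPORTED = {
    "md5": "4d979988d4bab9e02c9617f3d16f9698",
    "sha1": "ea54dbff884d84dbd5b77a5d0e10cb6b0325ef57",
    "sha256": "a426989f846677ee8f125ea383925ed5c8e3de7ead53d358ba5aaafc0607e731",
    "size": 205312,
    "entropy": 6.2213,
    "bitness": "Win32",
    "compiled": "2012-08-08 01:53:29",   # assumed UTC; the report does not say
    "linker": "7.10",
    "os_version": "5.0",
    "subsystem": "Windows GUI",
    "entry_rva": 0x35F1,
    "code_size": 144384,
}

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Pull the COFF/optional header fields the report's PE metadata shows."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    _machine, _nsect, timestamp, _, _, _opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    if len(data) < opt + 70:
        raise ValueError("optional header truncated")
    magic, linker_major, linker_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    # From offset 40 on, PE32 (0x10B) and PE32+ (0x20B) share the same layout.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker": f"{linker_major}.{linker_minor:02d}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "code_size": code_size,
    }


def triage(data: bytes) -> dict:
    """Return {field: (observed value, matches the report)} for every indicator."""
    observed = dict(hashes(data), size=len(data), entropy=round(shannon_entropy(data), 4))
    observed.update(parse_pe(data))
    return {k: (observed.get(k), observed.get(k) == v) for k, v in REPORTED.items()}


def build_sample_pe() -> bytes:
    """Constructed stand-in: a minimal PE32 header with the report's header values.
    It is NOT the malware; only the header fields are meant to match."""
    ts = calendar.timegm((2012, 8, 8, 1, 53, 29))                 # assumed UTC
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 7, 10, 144384)       # PE32, linker 7.10, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x35F1)                         # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                       # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 0)                          # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                              # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return dos + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_sample_pe()
    for field, (seen, ok) in triage(data).items():
        print(f"{'match' if ok else 'DIFF '}  {field:<11} {seen}")
```

Run it as `python triage.py C:\path\to\fnavlggh.exe` (a hypothetical path) to compare a collected file; with no argument it runs over the constructed header. Only a hash match settles identity. The header fields are supporting evidence at best: the compile timestamp and linker version are set by the build tooling and are trivially forged, and an entropy around 6.2 is moderate rather than the near-8 value that usually marks a packed or encrypted payload.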
