focus.exe

The executable focus.exe has been detected as malware by 27 anti-virus scanners.
MD5: cc6e22bac31505adf3a3a4fca6eddf56
SHA-1: 1a39667f3c56a762094ec1fc1c43383df0db8201
SHA-256: 015c0a4268424d8ccc6b510d2512dd2643a89f1d0f80fcf2160754c5e2eef6bd
Scanner detections: 27 / 68
Status: Malware
Analysis date: 4/26/2024 11:58:28 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2186449 | 696 |
| Agnitum Outpost | Trojan.Foreign | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Ransom | 2015.02.26 |
| Avira AntiVirus | TR/Crypt.ZPACK.111770 | 7.11.213.118 |
| avast! | Win32:Malware-gen | 2014.9-150311 |
| AVG | Crypt3 | 2016.0.3174 |
| Baidu Antivirus | Trojan.Win32.Ransom | 4.0.3.15311 |
| Bitdefender | Trojan.GenericKD.2186449 | 1.0.20.350 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 21291 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2186449 | 8.15.03.11.12 |
| ESET NOD32 | Win32/LockScreen.AVP | 9.11231 |
| Fortinet FortiGate | W32/Foreign.CZPG!tr | 3/11/2015 |
| F-Secure | Trojan.GenericKD.2186449 | 11.2015-11-03_4 |
| G Data | Trojan.GenericKD.2186449 | 15.3.25 |
| IKARUS anti.virus | Trojan.Win32.Crypt | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.200.15157 |
| Kaspersky | Trojan-Ransom.Win32.Foreign | 14.0.0.2365 |
| McAfee | RDN/Suspicious.bfr!bi | 5600.6830 |
| Microsoft Security Essentials | Ransom:Win32/Urausy.I | 1.1.11400.0 |
| MicroWorld eScan | Trojan.GenericKD.2186449 | 16.0.0.210 |
| NANO AntiVirus | Trojan.Win32.Foreign.doketv | 0.30.0.296 |
| nProtect | Trojan.GenericKD.2186449 | 15.03.04.01 |
| Qihoo 360 Security | HEUR/QVM19.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.3.11.0 |
| Sophos | Mal/Generic-S | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38116 |

File size: 38.5 KB (39,424 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\focus.exe

File PE Metadata
Compilation timestamp: 2/25/2015 2:13:31 AM
OS version: 1.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 1.71
CTPH (ssdeep): 768:Yc5RUYXDMnoELEyJBQ5A5Lli4rT59NZNpeLo:YyHnEwyXL5nnpeU
Entry address: 0xB000

Entry point:
68, 00, 7F, 00, 00, 6A, 00, FF, 15, 8C, A0, 40, 00, A3, 34, 1D, 40, 00, 68, 00, 7F, 00, 00, 6A, 00, FF, 15, 88, A0, 40, 00, A3, 38, 1D, 40, 00, 6A, 00, FF, 15, 58, A0, 40, 00, A3, 00, D0, 40, 00, A3, 30, 1D, 40, 00, 68, 20, 1D, 40, 00, FF, 15, 9C, A0, 40, 00, 85, C0, 74, 57, FF, 35, 00, D0, 40, 00, 6A, 00, 68, 32, 05, 00, 00, 6A, 00, E8, A7, 0F, 00, 00, 68, DC, 1C, 40, 00, FF, 15, 60, A0, 40, 00, FF, 15, 50, A0, 40, 00, 6A, 00, 6A, 00, 6A, 00, 68, 48, 1D, 40, 00, FF, 15, 80, A0, 40, 00, 83, F8, 01, 72, 1C...
 
Entropy: 7.0134
Code size: 1.5 KB (1,536 bytes)

User Start Menu Item
Name: focus.exe

