holy.exe

Système d'exploitation Microsoft Windows

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed to look like a legitimate Microsoft system file. The executable holy.exe has been detected as malware by 21 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Système d'exploitation Microsoft® Windows®

Description:
explorer

Version:
6.00.2900.5634

MD5:
e7e1ebe281f97acad03828083c35429d

SHA-1:
36b7abd44fdf7f48ad10f4c618560d380f8af290

SHA-256:
1f322a78cad39c35e55bdd836d9b6eb6f9e8a077ecfc04d7d2ddc6dee18ca39b

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/23/2024 7:16:37 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Barys.708 | 444
Avira AntiVirus | BDS/MSIL.Bladabindi.4322 | 7.11.136.64
avast! | Win32:Malware-gen | 2014.9-151117
Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.151117
Bitdefender | Gen:Variant.Barys.708 | 1.0.20.1605
Dr.Web | Trojan.DownLoader10.45391 | 9.0.1.0321
Emsisoft Anti-Malware | Gen:Variant.Barys.708 | 8.15.11.17.09
ESET NOD32 | MSIL/Bladabindi | 9.9525
Fortinet FortiGate | W32/Generic!tr | 11/17/2015
F-Secure | Gen:Variant.Barys.708 | 11.2015-17-11_3
G Data | Gen:Variant.Barys.708 | 15.11.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.1105
McAfee | Artemis!E7E1EBE281F9 | 5600.6578
Microsoft Security Essentials | Backdoor:MSIL/Bladabindi | 1.10302
MicroWorld eScan | Gen:Variant.Barys.708 | 16.0.0.963
Panda Antivirus | Trj/CI.A | 15.11.17.09
Qihoo 360 Security | Win32/Trojan.004 | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R0CBH01C714 | 7.2.321
VIPRE Antivirus | Trojan.Win32.Generic | 27280

File size:
270.5 KB (276,992 bytes)

Product version:
6.00.2900.5634

Copyright:
© Microsoft Corporation. Tous droits réservés.

Trademarks:
Microsoft Corporation

Original file name:
Patch.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\holy.exe

File PE Metadata
Compilation timestamp:
2/19/2014 1:45:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:dygCGgImcp15AzSn5kUgB92In5i/0m//W8QS5BM+y70f0:vHgImcp15Aen5kU7In5i/V3W8QiB3y7X

Entry address:
0x44C0A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
267.5 KB (273,920 bytes)