» iphonesad.exe
Overview
Analysis
File Details
Behaviors (1)

iphonesad.exe

fizabudamas

The executable iphonesad.exe has been detected as malware by 33 anti-virus scanners. Accoriding to the detections, this has been classified as a kyelogger which is capable of recoring a user's keystrokes.

File name:

iphonesad.exe

Publisher:

fizabudamas

Product:

fizabudamas

Version:

111.122.2326

MD5:

7809a16414c161e9e6fc5473d0392d69

SHA-1:

ec8944858228268c92cf3e2a7f15c67a37bea594

SHA-256:

5e67236b888fbce03ad051862a8f0bb5b3a66ec1332c8ccd9534ab1a9ff2e169

Scanner detections:

33 / 68

Status:

Malware

Analysis date:

4/27/2024 4:27:23 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Symmi.67452

-40

AegisLab AV Signature

Troj.W32.Vb!c

2.1.4+

AhnLab V3 Security

Trojan/Win32.VB.C1714392

3.8.3.16

Avira AntiVirus

TR/Spy.szwdo

8.3.3.4

Arcabit

Trojan.Symmi.D1077C

1.0.0.793

avast!

Win32:GenMalicious-DV [Trj]

2014.9-170316

AVG

PSW.Generic13

2018.0.2438

Baidu Antivirus

Win32.Trojan.WisdomEyes.16070401.9500

4.0.3.17316

Bitdefender

Gen:Variant.Symmi.67452

1.0.20.375

Comodo Security

TrojWare.Win32.Spy.KeyLogger.OMW

26488

Dr.Web

Trojan.Siggen7.8108

9.0.1.075

Emsisoft Anti-Malware

Gen:Variant.Symmi.67452

8.17.03.16.12

ESET NOD32

Win32/Spy.KeyLogger.OAB (variant)

11.14826

Fortinet FortiGate

W32/VB.DJFZ!tr

3/16/2017

F-Secure

Gen:Variant.Symmi.67452

11.2017-16-03_5

G Data

Gen:Variant.Symmi.67452

17.3.25

IKARUS anti.virus

Trojan-Spy.Agent

0.1.3.4

K7 AntiVirus

Spyware

13.2422210

Kaspersky

Trojan.Win32.VB

14.0.0.-1315

McAfee

GenericRXAU-EL!7809A16414C1

5600.6094

Microsoft Security Essentials

Trojan:Win32/Dynamer!ac

1.1.13407.0

MicroWorld eScan

Gen:Variant.Symmi.67452

18.0.0.225

NANO AntiVirus

Trojan.Win32.VB.ejrson

1.0.70.14475

Panda Antivirus

Trj/GdSda.A

17.03.16.12

Qihoo 360 Security

Win32/Trojan.Spy.60f

1.0.0.1120

Quick Heal

Trojan.VB

3.17.14.00

Rising Antivirus

Spyware.KeyLogger!8.12F-A6YT9AljsuL (cloud)

23.00.65.17314

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TSPY_VBKEYLOG.SM

7.2.75

Trend Micro

TSPY_VBKEYLOG.SM

10.465.16

VIPRE Antivirus

Trojan.Win32.Generic

55490

ViRobot

Trojan.Win32.Z.Agent.299008.KO[h]

2014.3.20.0

Zillya! Antivirus

Trojan.VB.Win32.164494

2.0.0.3182

File size:

292 KB (299,008 bytes)

Product version:

111.122.2326

Trademarks:

fizabudamas

Original file name:

1.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\iphonesad.exe

File PE Metadata

Compilation timestamp:

12/15/2016 11:28:48 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x11B4

Entry point:

68, 10, 27, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 40, 00, 00, 00, 9C, 43, E6, 5D, 34, 59, AA, 43, BA, 2C, 60, 84, 09, 87, 6C, 63, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 66, 69, 7A, 61, 62, 75, 64, 61, 6D, 61, 73, 00, 00, 00, 00, 00, 66, 69, 7A, 61, 62, 75, 64, 61, 6D, 61, 73, 00, 08, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 38, 1A, ED, B8, C1, 26, FC, 49, 4B, 82, DF, E7, 75, 60, 3E, 82, 4F, 80, 09, C5, 65, E3, 63, AB, 49, 9D, F4, 47... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

284 KB (290,816 bytes)

User Start Menu Item

Name:

iphonesad.exe

Remove iphonesad.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.