» microsoft_pocicarezo.exe
Overview
Analysis
File Details
Behaviors (1)

microsoft_pocicarezo.exe

The executable microsoft_pocicarezo.exe has been detected as malware by 22 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘FireFoxUpdServeisSystem’.

File name:

MD5:

4646fe6a06b7fa87b6905656823db1c7

SHA-1:

e9cadf9d6745b4f426b45198474285175980db39

Scanner detections:

22 / 68

Status:

Malware

Analysis date:

4/26/2024 6:52:32 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2619866

547

Avira AntiVirus

TR/Agent.123904.133

8.3.1.6

Arcabit

Trojan.Generic.D27F9DA

1.0.0.425

avast!

Win32:Malware-gen

2014.9-150806

Baidu Antivirus

Trojan.Win32.BitWall

4.0.3.1586

Bitdefender

Trojan.GenericKD.2619866

1.0.20.1090

Dr.Web

Trojan.Click3.13888

9.0.1.0218

Emsisoft Anti-Malware

Trojan.GenericKD.2619866

8.15.08.06.03

ESET NOD32

Win32/Agent.RHG

9.12053

F-Secure

Trojan.GenericKD.2619866

11.2015-06-08_5

G Data

Trojan.GenericKD.2619866

15.8.25

IKARUS anti.virus

Trojan.Win32.Agent

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.207.16806

Kaspersky

Trojan-Spy.Win32.BitWall

14.0.0.1622

McAfee

Artemis!4646FE6A06B7

5600.6681

Microsoft Security Essentials

Ransom:Win32/Denisca.A

1.1.11903.0

MicroWorld eScan

Trojan.GenericKD.2619866

16.0.0.654

nProtect

Trojan.GenericKD.2619866

15.08.06.02

Panda Antivirus

Generic Suspicious

15.08.06.03

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Sophos

Mal/Generic-S

4.98

VIPRE Antivirus

Trojan.Win32.Generic

42660

File size:

121 KB (123,904 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Documents and Settings\{user}\Application data\firefoxupdserveis\microsoft_pocicarezo.exe

File PE Metadata

Compilation timestamp:

8/3/2015 8:09:33 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:Z2Wx2yFrCBfb8F1K6gUoP9uAHY6qvKMeuAPoDExuMuusvda:Z5x2m2Ok8oPjL6KMGPoP6s

Entry address:

0x7634

Entry point:

E8, E9, 67, 00, 00, E9, 89, FE, FF, FF, B8, 28, 8E, 41, 00, C3, A1, 80, D4, 41, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 80, D4, 41, 00, 6A, 04, 50, E8, 97, 68, 00, 00, 59, 59, A3, 64, C4, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, 80, D4, 41, 00, E8, 7E, 68, 00, 00, 59, 59, A3, 64, C4, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, 28, 8E, 41, 00, EB, 05, A1, 64, C4, 41, 00, 89, 0C, 02, 83, C1, 20, 83, C2, 04, 81, F9, A8, 90, 41, 00, 7C, EA, 6A... 
[+]

Entropy:

6.4108

Code size:

68 KB (69,632 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

FireFoxUpdServeisSystem

Command:

"C:\Documents and Settings\{user}\Application data\firefoxupdserveis\microsoft_pocicarezo.exe"

Remove microsoft_pocicarezo.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.