mysterypi.exe

The executable mysterypi.exe has been detected as malware by 17 anti-virus scanners.
MD5: 5e486fa660e4c058a005595c22deb5fe
SHA-1: f83f3199bec7c1f7ee8aed7c12c9b615a1f119fb
SHA-256: f94bdd52d46ff951fcd7e1f34a4fd8b6904c46d8a1392de9c9bfa9fd00dc5507
Scanner detections: 17 / 68
Status: Malware
Analysis date: 4/30/2024 11:44:55 AM UTC

Scan engine                     Detection                      Engine version
AhnLab V3 Security              Win32/MalPackedB.suspicious    2010.06.03
Emsisoft A-Squared              Trojan.SuspectCRC!IK           5.0.0.26
avast!                          Win32:Malware-gen              2014.9-170306
Comodo Security                 UnclassifiedMalware            4980
ESET NOD32                      Win32/Spy.Agent (variant)      11.5166
F-Prot                          W32/Downldr2.GOMG              v6.4.6.0.103
G Data                          Win32:Malware-gen              17.3.21
IKARUS anti.virus               Trojan.SuspectCRC              t3scan.1.1.84.0
McAfee                          W32/NGVCK.a                    5600.6104
Microsoft Security Essentials   Trojan:Win32/Orsam!rts         1.163.1557.0
Norman                          W32/Packed_RLPack.O            11.20170306
nProtect                        Trojan/W32.Agent.345432        10.06.02.01
Panda Antivirus                 Trj/CI.A                       17.03.06.03
Prevx                           Medium Risk Malware            3.0
Sophos                          Mal/Krap-K                     4.53
Trend Micro House Call          TROJ_Generic.DIT               7.2.65
Trend Micro                     TROJ_Generic.DIT               10.465.06

File size: 337.3 KB (345,432 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\Program Files\mystery p.i. - the lottery ticket\mysterypi.exe

File PE Metadata
Compilation timestamp: 5/6/2009 8:30:15 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
Entry address: 0x58000

Entry point:
60, E8, 00, 00, 00, 00, 8B, 2C, 24, 83, C4, 04, 83, 7C, 24, 28, 01, 75, 0C, 8B, 44, 24, 24, 89, 85, 32, 03, 00, 00, EB, 0C, 8B, 85, 36, 03, 00, 00, 89, 85, 32, 03, 00, 00, 83, BD, 2A, 03, 00, 00, 01, 0F, 84, 96, 00, 00, 00, 8B, 85, 1A, 03, 00, 00, 03, 85, 32, 03, 00, 00, 8B, 08, 8D, 9D, 22, 03, 00, 00, 89, 0B, 8D, 9D, CF, 00, 00, 00, 89, 18, E8, 3E, 02, 00, 00, 8D, 9D, E8, 02, 00, 00, 53, 50, FF, 95, 22, 03, 00, 00, 68, 00, 02, 00, 00, 8D, 9D, 3A, 03, 00, 00, 53, 6A, 00, FF, D0, 50, 8F, 85, 3A, 05, 00, 00...
 

Entropy: 6.7696
Packer / compiler: ASPack v1.08.04
Code size: 164 KB (167,936 bytes)
