percucines_.exe

Romeo

The executable percucines_.exe has been detected as malware by 28 anti-virus scanners.
Product:
Romeo

Version:
0.00

MD5:
0a6993f0c74e3a877bbaebfe78b99e2e

SHA-1:
904c50ed33a26c5f91faea5826f79c76f82d0f53

SHA-256:
0d0cd29c4a93b0269ca21b02c8b797f627debd1673d11844861e5bc73993f82e

Scanner detections:
28 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/29/2024 1:17:15 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win32/Virut.D | 2010.08.10
Avira AntiVirus | TR/VB.dnz | 8.2.4.34
avast! | Win32:Virut | 2014.9-170315
AVG | Worm/VB.9 | 2018.0.2438
Bitdefender | Trojan.Generic.2210288 | 1.0.20.370
Clam AntiVirus | W32.Virut.Gen.D-151 | 0.98/170.3
Comodo Security | Virus.Win32.Virut.q | 5698
Dr.Web | Trojan.Romeo | 9.0.1.074
Emsisoft Anti-Malware | Trojan-Dropper.Agent!IK | 8.17.03.15.10
ESET NOD32 | Win32/VB.NHM | 11.5353
Fortinet FortiGate | W32/Virut.F | 3/15/2017
F-Prot | W32/Virut.A!Generic | v6.4.6.1.107
F-Secure | Trojan.Generic.2210288 | 11.2017-15-03_4
G Data | Trojan.Generic.2210288 | 17.3.21
IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.1.1.87.0
Kaspersky | Virus.Win32.Virut | 14.0.0.-1315
McAfee | W32/Virut.gen | 5600.6094
Microsoft Security Essentials | Worm:Win32/Moriogu.A | 1.163.1557.0
Norman | W32/Virut.BT | 11.20170315
nProtect | Trojan.Generic.2210288 | 10.08.09.02
Panda Antivirus | Trj/Romeo.A | 17.03.15.10
Prevx | High Risk Cloaked Malware | 3.0
Quick Heal | W32.Virut.D | 3.17.11.00
Rising Antivirus | Trojan.Win32.Generic.51FC3F09 | 23.00.65.17313
Sophos | Mal/Generic-A | 4.56
Trend Micro House Call | WORM_SILLY.QK | 7.2.74
Trend Micro | WORM_SILLY.QK | 10.465.15
ViRobot | Win32.Virut.AN | 2010.8.9.3978

File size:
112 KB (114,688 bytes)

Product version:
0.00

Original file name:
romeo.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\percucines_.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0xC754

Entry point:
55, 8B, EC, E8, 2C, 00, 00, 00, 81, EE, 5C, 67, FF, FF, 56, 31, C9, 81, C9, 07, 28, 00, 00, BB, 3D, 00, 00, 00, 86, 06, 66, 29, D8, 88, 06, 46, 66, 81, C3, 51, 00, 49, 83, F9, 00, 75, ED, 5E, C9, FF, E6, 90, 5E, 56, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...
 

Entropy:
4.1572

Developed / compiled with:
Microsoft Visual C++

Code size:
48 KB (49,152 bytes)
