pjpwpu.exe

The executable pjpwpu.exe has been detected as malware by 29 anti-virus scanners. It runs in its own process as a Windows service named “Remote Command Service”.
MD5:
716c7cbbd3697f717bcd2ce8e9a84d8a

SHA-1:
a3e2c7402ea94c3c2292f60d32042217c138faec

SHA-256:
cd593ee2bf32be23c06f78211058cf9a24a8b0ad2c694133a8b365ea0b8084e3

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/29/2024 12:50:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win32/Dzan.B | 2010.07.10 |
| Avira AntiVirus | W32/Dzan.a | 8.2.4.10 |
| Emsisoft A-Squared | Backdoor.Win32.Xyligan!IK | 5.0.0.31 |
| avast! | Win32:PcClient-ZE | 2014.9-170309 |
| AVG | Win32/Dzan.C | 2018.0.2444 |
| Bitdefender | Trojan.Spy.Agent.ODR | 1.0.20.340 |
| Clam AntiVirus | Trojan.Agent-136588 | 0.98/170.3 |
| Comodo Security | Virus.Win32.Dzan.C0 | 5401 |
| Dr.Web | Trojan.DownLoad.46081 | 9.0.1.068 |
| ESET NOD32 | Win32/Dzan | 11.5270 |
| Fortinet FortiGate | W32/Dzan.C | 3/9/2017 |
| F-Prot | W32/Backdoor2.FXKN | v6.4.6.1.107 |
| F-Secure | Trojan.Spy.Agent.ODR | 11.2017-09-03_5 |
| G Data | Trojan.Spy.Agent.ODR | 17.3.21 |
| IKARUS anti.virus | Backdoor.Win32.Xyligan | t3scan.1.1.84.0 |
| Kaspersky | Backdoor.Win32.Xyligan | 14.0.0.-1284 |
| McAfee | BackDoor-EDH | 5600.6100 |
| Microsoft Security Essentials | Virus:Win32/Dzan.B | 1.163.1557.0 |
| Norman | W32/Dzan.C | 11.20170309 |
| nProtect | Virus/W32.Dzan | 10.07.12.01 |
| Panda Antivirus | W32/Dzan.I | 17.03.09.05 |
| Prevx | High Risk System Back Door | 3.0 |
| Quick Heal | W32.Dzan.A | 3.17.11.00 |
| Rising Antivirus | Backdoor.Win32.Mnless.cpb | 23.00.65.17307 |
| Sophos | W32/Dzan-D | 4.55 |
| Trend Micro House Call | PE_DZAN.C | 7.2.68 |
| Trend Micro | PE_DZAN.C | 10.465.09 |
| Vba32 AntiVirus | Virus.Win32.Dzan.c | 3.12.12.6 |
| ViRobot | Win32.DZan.A | 2010.7.12.3932 |

File size:
121.5 KB (124,416 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\pjpwpu.exe

File PE Metadata
Compilation timestamp:
9/1/2009 3:40:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x12F00

Entry point:
55, 8B, EC, 6A, FF, 68, 00, 9A, 41, 00, 68, D0, 3E, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 40, CE, 41, 00, 33, D2, 8A, D4, 89, 15, 68, C1, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 64, C1, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 60, C1, 41, 00, C1, E8, 10, A3, 5C, C1, 41, 00, 33, F6, 56, E8, C8, 0D, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, E5, 0B, 00, 00, FF, 15, 3C, CE, 41, 00, A3, 20, C7, 41, 00, E8...
 

Entropy:
5.8301

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
38.5 KB (39,424 bytes)

Service
Display name:
Remote Command Service

Service name:
rcmdsvc

Description:
Windows Resource Kit

Type:
Win32OwnProcess

