power of attorney.exe

The executable power of attorney.exe has been detected as malware by 19 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Yahoo Messengger’.
Version:
1, 1, 1, 1

MD5:
1886b560d00ff6feea38a11a0ec7e805

SHA-1:
dd4d7ded6ddff3b598c77a566ec6f7a0556e72cc

SHA-256:
215266e86f69851f3f149b2543365604e3ce1ebdb4457eecc869760d3dc71ac6

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
4/30/2024 10:04:18 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Dropper.Gen | 7.9.1.33 |
| Emsisoft A-Squared | Worm.Win32.AutoIt!IK | 4.5.0.24 |
| avast! | AutoIt:AutoRun-B2 | 2014.9-170309 |
| Bitdefender | Gen:Trojan.Heur.AutoIT.Lu3@bKH@QYfi | 1.0.20.340 |
| Clam AntiVirus | Worm.AutoIT-25 | 0.98/171 |
| ESET NOD32 | Win32/Sohanad | 11.4480 |
| F-Secure | Virus.Win32.AutoIt.j | 11.2017-09-03_5 |
| G Data | Gen:Trojan.Heur.AutoIT.Lu3@bKH@QYfi | 17.3.19 |
| IKARUS anti.virus | Worm.Win32.AutoIt | t3scan.1.1.72.0 |
| Kaspersky | Virus.Win32.AutoIt | 14.0.0.-1282 |
| McAfee | W32/YahLover.worm.gen | 5600.6101 |
| Norman | W32/Obfuscated.H2!genr | 11.20170309 |
| Panda Antivirus | Trj/CI.A | 17.03.09.08 |
| Prevx | High Risk Cloaked Malware | 3.0 |
| Quick Heal | Trojan.Autoit.j | 3.17.10.00 |
| Rising Antivirus | Worm.Win32.AutoIt.bag | 23.00.65.17307 |
| Sophos | Mal/Generic-A | 4.45 |
| Trend Micro | Mal_SHND-4 | 10.465.09 |
| Vba32 AntiVirus | Trojan-Downloader.Autoit.gen | 3.12.10.11 |

File size:
597.2 KB (611,527 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

File PE Metadata
Compilation timestamp:
6/12/2008 2:21:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x54D3D

Entry point:
E8, 48, B1, 00, 00, E9, 17, FE, FF, FF, B8, AB, 09, 46, 00, A3, 28, 6D, 47, 00, C7, 05, 2C, 6D, 47, 00, A7, 00, 46, 00, C7, 05, 30, 6D, 47, 00, 65, 00, 46, 00, C7, 05, 34, 6D, 47, 00, 99, 00, 46, 00, C7, 05, 38, 6D, 47, 00, 0F, 00, 46, 00, A3, 3C, 6D, 47, 00, C7, 05, 40, 6D, 47, 00, 25, 09, 46, 00, C7, 05, 44, 6D, 47, 00, 25, 00, 46, 00, C7, 05, 48, 6D, 47, 00, 8F, FF, 45, 00, C7, 05, 4C, 6D, 47, 00, 1E, FF, 45, 00, C3, E8, 9B, FF, FF, FF, E8, 80, BC, 00, 00, 83, 7C, 24, 04, 00, A3, 34, 8A, 47, 00, 74, 05...
 

Entropy:
5.8424

Code size:
408 KB (417,792 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Yahoo Messengger

Command:
C:\Windows\System32\ssvichosst.exe

