repair.exe

Windows Defender User Interface

Although the file properties state that the file is developed by 'Microsoft Corporation', this is not the case: the file is designed to look like a legitimate Microsoft system file. The executable repair.exe, “Windows Defender User Interface”, has been detected as malware by 34 anti-virus scanners.

Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Windows Defender User Interface

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
642e0649e121f5ce4e3755669710df18

SHA-1:
00a292fb10580895579e2110482441661b616216

SHA-256:
5822aa241bb487c00779e2cccb0da8cf42dfe7f839fc322018bbf39ce4a039bb

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
9/20/2024 11:53:06 PM UTC

Scan engine                    Detection                              Engine version
Lavasoft Ad-Aware              Gen:Variant.Zusy.165054                -40
AegisLab AV Signature          Backdoor.Msil.Gen!c                    2.1.4+
AhnLab V3 Security             Malware/Win32.Generic.C1119321         3.8.1.16
Avira AntiVirus                TR/Dropper.Gen                         8.3.3.4
Arcabit                        Trojan.Zusy.D284BE                     1.0.0.788
avast!                         Win32:Trojan-gen                       2014.9-170316
AVG                            MSIL9                                  2018.0.2438
Baidu Antivirus                Win32.Trojan.WisdomEyes.16070401.9500  4.0.3.17316
Bitdefender                    Gen:Variant.Zusy.165054                1.0.20.375
Bkav FE                        W32.Clod15d.Trojan                     1.3.0.8455
Comodo Security                UnclassifiedMalware                    26140
Dr.Web                         Trojan.DownLoader12.34166              9.0.1.075
Emsisoft Anti-Malware          Gen:Variant.Zusy.165054                8.17.03.16.12
ESET NOD32                     MSIL/Injector.IFO (variant)            11.14470
Fortinet FortiGate             MSIL/Injector.MJM!tr                   3/16/2017
F-Secure                       Gen:Variant.Zusy.165054                11.2017-16-03_5
G Data                         Gen:Variant.Zusy.165054                17.3.25
IKARUS anti.virus              Trojan.MSIL.Injector                   t3scan.2.1.16.0
K7 AntiVirus                   Trojan                                 13.245.21562
Kaspersky                      Backdoor.MSIL.Bladabindi               14.0.0.-1315
McAfee                         Artemis!642E0649E121                   5600.6094
Microsoft Security Essentials  TrojanSpy:MSIL/Omaneat.B               1.1.13303.0
MicroWorld eScan               Gen:Variant.Zusy.165054                18.0.0.225
NANO AntiVirus                 Trojan.Win32.Bladabindi.dxthev         1.0.70.13328
Panda Antivirus                Trj/CI.A                               17.03.16.12
Qihoo 360 Security             HEUR/QVM03.0.Malware.Gen               1.0.0.1120
Quick Heal                     TrojanSpy.Omaneat                      3.17.14.00
Rising Antivirus               Trojan.Generic-EDAuyYje35I (cloud)     23.00.65.17314
Sophos                         Troj/MSIL-FMQ                          4.98
Trend Micro House Call         TROJ_GEN.R00UC0DJF16                   7.2.75
Trend Micro                    TROJ_GEN.R00UC0DJF16                   10.465.16
Vba32 AntiVirus                Backdoor.MSIL.Bladabindi               3.12.26.4
VIPRE Antivirus                Trojan.Win32.Generic                   53888
ViRobot                        Trojan.Win32.Z.Zusy.369978[h]          2014.3.20.0

File size:
361.3 KB (369,978 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
MSASCUI.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\999579\repair.exe

File PE Metadata
Compilation timestamp:
9/29/2015 3:04:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0xFF7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
56 KB (57,344 bytes)

Startup File (User Run Once)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
Mechanic

Command:
"C:\ProgramData\999579\repair.exe"
