root.exe

The executable root.exe has been detected as malware by 27 anti-virus scanners.
MD5:
0d67dbe84b16cf64b85da39741b8c617

SHA-1:
9936e3afe7a1f147ab495189d50de32d1e685b56

SHA-256:
00dd29f4e8459cdbcfe28f8fd4ec3dd6d6fd1b15bad4ef2708d482e304ea111b

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
4/29/2024 12:11:38 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-Trojan/Hamweq.608768 | 5.0. |
| Avira AntiVirus | Worm/Autorun.ewp | 7.9.1.65 |
| Emsisoft A-Squared | Worm.Win32.AutoRun!IK | 4.5.0.41 |
| avast! | Win32:Hamweq-B | 2014.9-170314 |
| AVG | Worm/Generic_c | 2018.0.2439 |
| Bitdefender | Trojan.Generic.2098455 | 1.0.20.365 |
| Comodo Security | Worm.Win32.AutoRun.ewp | 2939 |
| Dr.Web | Trojan.Packed.650 | 9.0.1.073 |
| ESET NOD32 | Win32/AutoRun.Agent.IC | 11.4603 |
| Fortinet FortiGate | W32/AutoRun.EWP!worm | 3/14/2017 |
| F-Prot | W32/Themida_Packed | v6.4.5.1.85 |
| F-Secure | Trojan.Generic.2098455 | 11.2017-14-03_3 |
| G Data | Trojan.Generic.2098455 | 17.3.19 |
| IKARUS anti.virus | Worm.Win32.AutoRun | t3scan.1.1.74.0 |
| K7 AntiVirus | Worm.Win32.AutoRun | 13.7.10.894 |
| Kaspersky | Worm.Win32.AutoRun | 14.0.0.-1308 |
| McAfee | Generic.dx | 5600.6095 |
| Microsoft Security Essentials | Worm:Win32/Hamweq.A | 1.163.1557.0 |
| Norman | W32/AutoRun.NSK | 11.20170314 |
| nProtect | Worm/W32.AutoRun.608768 | 2009.1.8.0 |
| Panda Antivirus | Trj/Hamweq.J | 17.03.14.03 |
| Prevx | High Risk Cloaked Malware | 3.0 |
| Quick Heal | Worm.AutoRun.ewp | 3.17.10.00 |
| Sophos | Mal/Generic-A | 4.47 |
| Trend Micro | WORM_AUTORUN.ILZ | 10.465.14 |
| Vba32 AntiVirus | Win32.AutoRun.Agent.IC | 3.12.10.11 |
| ViRobot | Worm.Win32.Autorun.608768 | 2009.11.13.2034 |

File size:
594.5 KB (608,768 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
1/30/2009 7:29:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x157000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 8B, D8, 40, 2D, 00, 20, 09, 00, 2D, F4, 39, 5F, 00, 05, E9, 39, 5F, 00, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 5B, 58, 74, 5A, 68, 2E, 46, 01, 4B, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 8B, EC, 60, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, EB, 08, 31, 06, 01, 1E, 83, C6, 04, 49, 0B, C9, 75, F4, 61, C9, C2, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8809  (probably packed)

Code size:
8 KB (8,192 bytes)
