securityy.ba6.exe

NanoCore

NanoCore.io

The executable securityy.ba6.exe has been detected as malware by 33 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘securityy’.

Publisher:
NanoCore.io

Product:
NanoCore

Version:
1.4.0.0

MD5:
7437b71443cac577f450ec7cd79107ac

SHA-1:
0600ca913e2500edc61cb670c64a6f1404b28dbd

SHA-256:
e8e250ad9c1f99819080dc2f1333dd89bdf94ddcf263b5ebef0e3bbd18f186f5

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
5/3/2024 1:53:23 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.208823 | -40
AegisLab AV Signature | Troj.W32.Generic!c | 2.1.4+
AhnLab V3 Security | Trojan/Win32.NanoCore.C1751990 | 3.8.3.16
Avira AntiVirus | TR/Dropper.MSIL.bwalc | 8.3.3.4
Arcabit | Trojan.Zusy.D32FB7 | 1.0.0.798
avast! | Win32:Malware-gen | 2014.9-170315
AVG | Atros4 | 2018.0.2438
Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.17315
Bitdefender | Gen:Variant.Zusy.208823 | 1.0.20.370
Clam AntiVirus | Win.Trojan.Nanocore-5 | 0.99.211
Dr.Web | Trojan.Nanocore.23 | 9.0.1.074
Emsisoft Anti-Malware | Gen:Variant.Zusy.208823 | 8.17.03.15.06
ESET NOD32 | MSIL/NanoCore (variant) | 11.15063
Fortinet FortiGate | MSIL/Generic.AP.29162!tr | 3/15/2017
F-Prot | W32/Ransom.AY.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Zusy.208823 | 11.2017-15-03_4
G Data | MSIL.Backdoor.Nancat | 17.3.A:25.11099B:25.9046
IKARUS anti.virus | Trojan.MSIL.NanoCore | 0.2.1.2
K7 AntiVirus | Trojan | 13.10.4.22672
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1314
Malwarebytes | Backdoor.NanoCore | v2017.03.15.06
McAfee | PUP-XAQ-AG | 5600.6094
Microsoft Security Essentials | HackTool:MSIL/Noancooe.B | 1.1.13504.0
MicroWorld eScan | Gen:Variant.Zusy.208823 | 18.0.0.222
NANO AntiVirus | Trojan.Win32.NanoCore.emecas | 1.0.70.15657
Panda Antivirus | Trj/CI.A | 17.03.15.06
Sophos | Troj/NanoCor-BT | 4.98
SUPERAntiSpyware | Hack.Tool/Gen-Nanocore | 8533
Trend Micro House Call | TROJ_GEN.R03EC0EC617 | 7.2.74
Trend Micro | TROJ_GEN.R03EC0EC617 | 10.465.15
VIPRE Antivirus | Trojan.Win32.Generic | 56532
ViRobot | Trojan.Win32.Z.Nanocore.265728.CT[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.NanoCore.Win32.3178 | 2.0.0.3228

File size:
259.5 KB (265,728 bytes)

Product version:
1.4.0.0

Copyright:
2013-2017

Original file name:
Client.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\securityy.ba6.exe

File PE Metadata
Compilation timestamp:
3/5/2017 6:32:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x4188E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9477

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
254.5 KB (260,608 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
securityy

Command:
C:\users\{user}\appdata\local\temp\securityy.ba6.exe

