11031679.exe

Saline

ICOFX SOFTWARE SRL

The executable 11031679.exe has been detected as malware by 32 anti-virus scanners.
Publisher:
The Eraser Project  (signed by ICOFX SOFTWARE SRL)

Product:
Saline

Version:
7.06.0002

MD5:
e4bbf89259755c154f5fd1e5df7742e8

SHA-1:
cc6662b8a2c2a3b2bba11b963a9c8e7e1582b6ac

SHA-256:
f374db7e93b5aae70c1a884a1484a094944a0be23230a25364a5cde3c9140ee7

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
12/27/2024 12:43:55 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Heur.JVD.1
-39

Agnitum Outpost
Trojan.Muref
7.1.1

AhnLab V3 Security
Trojan/Win32.Miuref
2015.05.04

avast!
Win32:Trojan-gen
2014.9-170315

AVG
Inject2
2018.0.2439

Baidu Antivirus
Trojan.Win32.Muref
4.0.3.17315

Bitdefender
Gen:Heur.JVD.1
1.0.20.370

Comodo Security
UnclassifiedMalware
21986

Dr.Web
Trojan.Siggen6.23087
9.0.1.074

Emsisoft Anti-Malware
Gen:Heur.JVD
8.17.03.15.08

ESET NOD32
Win32/Injector.BTUC (variant)
11.11568

Fortinet FortiGate
W32/Muref.CD!tr
3/15/2017

F-Secure
Gen:Heur.JVD.1
11.2017-15-03_4

G Data
Gen:Heur.JVD
17.3.25

IKARUS anti.virus
Trojan.Win32.Injector
t3scan.1.8.9.0

K7 AntiVirus
Trojan
13.203.15786

Kaspersky
Trojan.Win32.Muref
14.0.0.-1312

McAfee
GenericR-CWP!E4BBF8925975
5600.6095

Microsoft Security Essentials
Trojan:Win32/Miuref.F
1.1.11602.0

MicroWorld eScan
Gen:Heur.JVD.1
18.0.0.222

NANO AntiVirus
Trojan.Win32.Muref.dnjzxo
0.30.24.1357

Norman
Troj_Generic.YOEMP
11.20170315

Panda Antivirus
Trj/Genetic.gen
17.03.15.08

Qihoo 360 Security
Win32/Trojan.09c
1.0.0.1015

Quick Heal
VirTool.VBInject.LE3
3.17.14.00

Sophos
Mal/Generic-S
4.98

Total Defense
Win32/Miuref.XKTXGID
37.1.62.1

Trend Micro House Call
TROJ_GEN.R028C0CBD15
7.2.74

Trend Micro
TROJ_GEN.R028C0CBD15
10.465.15

Vba32 AntiVirus
Trojan.Muref
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
39902

Zillya! Antivirus
Trojan.Muref.Win32.35
2.0.0.2165

File size:
190.1 KB (194,680 bytes)

Product version:
7.06.0002

Copyright:
Saline

Trademarks:
Saline

Original file name:
Saline.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Traditional, Taiwan)

Common path:
C:\users\{user}\appdata\local\temp\11031679.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/3/2013 7:00:00 PM

Valid to:
2/4/2016 6:59:59 PM

Subject:
CN=ICOFX SOFTWARE SRL, O=ICOFX SOFTWARE SRL, STREET=str. Teilor nr. 10 sc. 2 ap. 24, L=Floresti, S=Cluj, PostalCode=407280, C=RO

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE9F0854CD6936A239D0FF5B81756164

File PE Metadata
Compilation timestamp:
9/23/2014 6:04:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x12E4

Entry point:
68, DC, 25, 41, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 33, 1E, 9E, A8, C7, 57, D1, 42, BA, 61, 46, B6, 7E, 59, 73, B3, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 72, 62, 6F, 74, 65, 6E, 62, 65, 73, 74, FC, 72, 7A, 65, 6E, 64, 65, 73, 00, 20, 20, 20, 00, 00, 00, 00, FF, CC, 31, 00, 10, 11, C7, 14, 4D, 28, 16, 6E, 46, 99, 87, 30, D9, 54, 4A, 98, BE, ED, A8, 89, AC, 86, 04, D7, 42, A9, 8D, 6D, 13, 63, E7, 88, A8, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 
[+]

Entropy:
6.3778

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
148 KB (151,552 bytes)

Remove 11031679.exe - Powered by Reason Core Security