1398392.exe

Source Medical Solutions Inc.

The application 1398392.exe by Source Medical Solutions has been detected as a potentially unwanted program by 34 anti-malware scanners.
Publisher:
Source Medical Solutions Inc.  (signed and verified)

MD5:
118d0ef99df22c9a449e775f6461bcbd

SHA-1:
931cdc98728165921631cb8a7db62b633f3c09f9

SHA-256:
f864e6e135c3d0d88747cf45661dccdba3e72d8ff638c0c82163a0a820bd10df

Scanner detections:
34 / 68

Status:
Potentially unwanted

Analysis date:
1/15/2025 8:33:05 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.FakeAV.NNT | 113 |
| Agnitum Outpost | FraudTool.FakeSysDef | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Foreign | 2014.02.07 |
| Avira AntiVirus | TR/Crypt.ZPACK.30684 | 7.11.129.216 |
| avast! | Win32:Crypt-QBP [Trj] | 2014.9-161014 |
| AVG | Generic_r | 2017.0.2591 |
| Bitdefender | Trojan.FakeAV.NNT | 1.0.20.1440 |
| Bkav FE | HW32.CDB | 1.3.0.4923 |
| Comodo Security | TrojWare.Win32.Kryptik.BMCN | 17740 |
| Dr.Web | Trojan.Fakealert.44526 | 9.0.1.0288 |
| Emsisoft Anti-Malware | Trojan.FakeAV.NNT | 8.16.10.14.10 |
| ESET NOD32 | Win32/AdWare.FakeAV | 10.9389 |
| Fortinet FortiGate | W32/Kryptik.BKOO!tr | 10/14/2016 |
| F-Secure | Trojan.FakeAV.NNT | 11.2016-14-10_6 |
| G Data | Trojan.FakeAV.NNT | 16.10.24 |
| IKARUS anti.virus | Trojan.Win32.FakeAV | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.175.11086 |
| Kaspersky | Trojan-FakeAV.Win32.SmartFortress2012 | 14.0.0.-552 |
| Malwarebytes | Malware.Packer.CV | v2016.10.14.10 |
| McAfee | FakeSecTool-FBV!118D0EF99DF2 | 5600.6247 |
| Microsoft Security Essentials | Rogue:Win32/Winwebsec | 1.165.247.01 |
| MicroWorld eScan | Trojan.FakeAV.NNT | 17.0.0.864 |
| NANO AntiVirus | Trojan.Win32.FakeAV.cqikfl | 0.28.0.57630 |
| Norman | FakeAlert.DPFR | 11.20161014 |
| nProtect | Trojan.FakeAV.NNT | 14.02.06.02 |
| Panda Antivirus | Trj/Genetic.gen | 16.10.14.10 |
| Qihoo 360 Security | HEUR/Malware.QVM07.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Trojan.Crypto!1.9E07 | 23.00.65.161012 |
| Sophos | Mal/FakeAV-TP | 4.97 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Winwebsec | 8838 |
| Trend Micro House Call | TROJ_KRYPTK.SM08 | 7.2.288 |
| Trend Micro | TROJ_KRYPTK.SM08 | 10.465.14 |
| Vba32 AntiVirus | TrojanFakeAV.FakeSysDef | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Urausy.el | 26196 |

File size:
581.1 KB (595,096 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\1398392.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/24/2013 6:00:00 PM

Valid to:
3/26/2014 6:59:59 PM

Subject:
CN=Source Medical Solutions Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Source Medical Solutions Inc., L=Birmingham, S=Alabama, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6260A35CA2ED3B8CB8F2DEAB4740EB36

File PE Metadata
Compilation timestamp:
10/21/2013 7:26:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:aS6stVWx0XfWb92Z1S0ogxgnku/yexvn540wxasqTL+A0kyOFnr:abMi0Xf4u1S0ogGxxxvneNxS2AJLlr

Entry address:
0x22CF

Entry point:
55, 8B, EC, 6A, FF, 68, 08, 92, 40, 00, 68, 58, 3F, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 50, 90, 40, 00, 33, D2, 8A, D4, 89, 15, 00, A2, 45, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, FC, A1, 45, 00, C1, E1, 08, 03, CA, 89, 0D, F8, A1, 45, 00, C1, E8, 10, A3, F4, A1, 45, 00, 6A, 01, E8, F5, 1A, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 15, 1A, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 

Entropy:
7.8271

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
29 KB (29,696 bytes)
