26c5f5a5bb7060a66e3414fd56222100.pe

工程1

11111

The file 26c5f5a5bb7060a66e3414fd56222100.pe has been detected as a potentially unwanted program by 25 anti-malware scanners.

Publisher:
11111

Product:
工程1

Version:
1.00

MD5:
26c5f5a5bb7060a66e3414fd56222100

SHA-1:
daaa13db89bbc3b35d54dc7dbbbb807f3513cbe8

SHA-256:
975bad2bec332102a136730967fc6449f8dd8d2a5f0223c1acaeb5073bedf2e8

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 7:26:24 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1914107 | 657 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/Rogue.640512.1 | 3.6.1.96 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-150418 |
| AVG | SHeur4 | 2016.0.3135 |
| Baidu Antivirus | Hacktool.Win32.FlowSpirit | 4.0.3.15418 |
| Bitdefender | Trojan.GenericKD.1914107 | 1.0.20.540 |
| Dr.Web | Trojan.DownLoader11.37669 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.VP.Om0@aeVZ4tgj | 8.15.04.18.06 |
| ESET NOD32 | Win32/FlowSpirit.H potentially unsafe (variant) | 9.11377 |
| Fortinet FortiGate | Riskware/FlowSpirit | 4/18/2015 |
| F-Secure | Trojan.GenericKD.1914107 | 11.2015-18-04_7 |
| G Data | Gen:Trojan.Heur.VP.Om0@aeVZ4tgj | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.20.7 |
| IKARUS anti.virus | Trojan.Rogue | t3scan.1.8.6.0 |
| McAfee | RDN/Generic PUP.x!c2t | 5600.6791 |
| MicroWorld eScan | Trojan.GenericKD.1914107 | 16.0.0.324 |
| NANO AntiVirus | Trojan.Win32.FlowSpirit.dgozjr | 0.28.2.62671 |
| Norman | Troj_Generic.WJQOH | 11.20150720 |
| nProtect | Trojan.GenericKD.1914107 | 14.10.16.01 |
| Qihoo 360 Security | Win32/Trojan.888 | 1.0.0.1015 |
| Sophos | Generic PUA JL | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1H09JD14 | 7.2.108 |
| Trend Micro | TROJ_GEN.R08JC0EJP14 | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38780 |

File size:
644 KB (659,456 bytes)

Product version:
1.00

Original file name:
eqnq.exe

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\26c5f5a5bb7060a66e3414fd56222100.pe

File PE Metadata
Compilation timestamp:
3/19/2015 4:44:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:aBWWb1JKD7HGz9Dv4EcBCTmvF2W0O3sBlox3hT0munF5SV60R10n:0tKD7HGz9Dv4DCTmv8fOC6LTfunF5SVA

Entry address:
0x11E4

Entry point:
68, 24, 13, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 20, 22, E5, F4, CE, 7C, 3D, 46, 8A, 4D, A8, 53, 7F, 55, E3, 2D, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, B9, A4, B3, CC, 31, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 00, B9, F4, 0E, B6, 8A, 19, E2, 47, A9, 6F, 73, E6, 83, DE, 7A, 31, 0D, 4F, CB, FF, C0, 01, 3F, 44, BF, 24, 4E, F6, F4, 3D, DF, AE, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Entropy:
6.4216

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
8 KB (8,192 bytes)
