2gepugzs

Kemeda

The file 2gepugzs has been detected as malware by 28 anti-virus scanners.
Publisher:
Kemeda  (signed with a self-signed certificate; see Digital Signature below)

Version:
12.38.25.9

MD5:
99e745dfd887f9449df580ab64ede3c7

SHA-1:
3c5b9e2428b0fd58f2b0a71ed9c9a636cf2abd42

SHA-256:
6c9387504932942c8914d754e4b1ee98019346fc3eced50ee2b8b894b67af442

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
12/28/2024 4:38:57 PM UTC

Scan engine                    Detection                          Engine version
Agnitum Outpost                Backdoor.Androm                    7.1.1
AhnLab V3 Security             Malware/Win32.Generic              2016.01.17
Avira AntiVirus                TR/Dropper.MSIL.225968             8.3.2.4
avast!                         Win32:Malware-gen                  2014.9-160219
AVG                            MSIL9                              2017.0.2829
Baidu Antivirus                Trojan.MSIL.Injector               4.0.3.16219
Bitdefender                    Trojan.GenericKD.2877809           1.0.20.250
Bkav FE                        HW32.Packed                        1.3.0.7400
Dr.Web                         Trojan.DownLoader17.15248          9.0.1.050
Emsisoft Anti-Malware          Trojan.GenericKD.2877809           8.16.02.19.05
ESET NOD32                     MSIL/Injector.MTF (variant)        10.12880
Fortinet FortiGate             MSIL/Injector.MTF!tr               2/19/2016
F-Secure                       Trojan.GenericKD.2877809           11.2016-19-02_6
G Data                         Trojan.GenericKD.2877809           16.2.25
IKARUS anti.virus              Trojan.Crypt.XPACK                 t3scan.1.9.5.0
K7 AntiVirus                   Trojan                             13.212.18450
Kaspersky                      Backdoor.Win32.Androm              14.0.0.639
McAfee                         RDN/Generic BackDoor               5600.6485
Microsoft Security Essentials  TrojanSpy:MSIL/Omaneat.A           1.1.12400.0
MicroWorld eScan               Trojan.GenericKD.2877809           17.0.0.150
NANO AntiVirus                 Trojan.Win32.DownLoader17.dyutjp   1.0.14.5380
nProtect                       Trojan.GenericKD.2877809           16.01.15.02
Panda Antivirus                Trj/GdSda.A                        16.02.19.05
Qihoo 360 Security             Win32/Trojan.97a                   1.0.0.1077
Sophos                         Mal/Generic-S                      4.98
Trend Micro                    TROJ_GEN.R021C0DKJ15               10.465.19
VIPRE Antivirus                Trojan.Win32.Generic               46560
Zillya! Antivirus              Downloader.Adload.Win32.24213      2.0.0.2615

File size:
425.5 KB (435,688 bytes)

Product version:
12.38.25.9

Original file name:
kcl.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\2gepugzs

Digital Signature
Signed by:
Kemeda  (self-signed: the Subject and Issuer fields below are identical, so no certificate authority vouched for this publisher)

Authority:
Kemeda

Valid from:
10/21/2015 7:07:25 PM

Valid to:
10/21/2016 7:07:25 PM

Subject:
CN=www.kemeda.pt, O=Kemeda, L=Lisboa, S=Lisboa, C=PK

Issuer:
CN=www.kemeda.pt, O=Kemeda, L=Lisboa, S=Lisboa, C=PK

Serial number:
008C6590B70633A028
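The signer fields above are enough to run the checks a triager applies before trusting a "signed" label: subject equal to issuer (self-signed), the compile timestamp relative to the validity window, expiry relative to the analysis date, and the mismatch between the CN's ccTLD (.pt) and the C= attribute (PK). The script below is an added example, not part of the Reason Core report: the DN strings and dates are copied from the report text, the ccTLD-versus-country rule is a heuristic of mine rather than a standard Authenticode check, and `parse_dn` handles only the simple comma-separated DN layout the report prints.

```python
"""Checks a triager applies to the signer block of a scan report.
Added example; the strings passed in below are copied from the report
above, not read from the binary."""
from datetime import datetime

REPORT_DATE_FMT = "%m/%d/%Y %I:%M:%S %p"     # the report's own timestamp format


def parse_dn(dn: str) -> dict:
    """'CN=a, O=b, C=PK' -> {'CN': 'a', 'O': 'b', 'C': 'PK'} (report-style DNs only)."""
    return dict(part.strip().split("=", 1) for part in dn.split(","))


def check_signer(subject: str, issuer: str, valid_from: str, valid_to: str,
                 compiled_at: str, analysed_at: str) -> list:
    """Return a list of findings; an empty list means nothing looked off."""
    subj, iss = parse_dn(subject), parse_dn(issuer)
    not_before, not_after, built, seen = (
        datetime.strptime(s, REPORT_DATE_FMT)
        for s in (valid_from, valid_to, compiled_at, analysed_at))
    findings = []
    if subj == iss:
        findings.append("self-signed: subject equals issuer, no CA vouches for the publisher")
    if not not_before <= built <= not_after:
        findings.append("compile timestamp falls outside the certificate validity window")
    if seen > not_after:
        findings.append("certificate already expired on the analysis date")
    # Heuristic (my assumption, not a standard check): a CN under a two-letter
    # ccTLD whose country differs from the C= attribute is worth a second look.
    tld = subj.get("CN", "").rsplit(".", 1)[-1].upper()
    if len(tld) == 2 and tld != subj.get("C", ""):
        findings.append(f"CN ccTLD .{tld.lower()} does not match C={subj.get('C')}")
    return findings


if __name__ == "__main__":
    # Values as printed in the report above.
    for finding in check_signer(
        "CN=www.kemeda.pt, O=Kemeda, L=Lisboa, S=Lisboa, C=PK",
        "CN=www.kemeda.pt, O=Kemeda, L=Lisboa, S=Lisboa, C=PK",
        "10/21/2015 7:07:25 PM", "10/21/2016 7:07:25 PM",
        "11/16/2015 12:46:01 PM", "12/28/2024 4:38:57 PM",
    ):
        print("-", finding)
```

Run against the report's values it reports three findings (self-signed, expired at analysis time, .pt versus C=PK); the compile timestamp itself does fall inside the validity window, so that check stays quiet.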

File PE Metadata
Compilation timestamp:
11/16/2015 12:46:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:M+MEXnchyRoFEyLG8H3QxTtjo+HZeJlblG/uyRh1doCKnzkZSLT4Sn+:M+MEXcz5LTg70+5ylG/71mCKTTX+

Entry address:
0x6B5DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x00402000]: an indirect jump through an import-table slot, which is how 32-bit .NET executables hand control to the CLR loader. Only those six bytes are code; the bytes that follow are not part of the stub and are never executed from here.

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
421.5 KB (431,616 bytes)
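The PE metadata above (compile timestamp, linker version, subsystem, CLR dependency, entry address and the FF 25 stub) can all be pulled from the headers without running the file. The script below is an added example, not code from Reason Core: `triage_pe` parses a PE32 image with only the standard library, reads the fields this report shows, and confirms the .NET stub by checking that the jmp target lands inside the IAT data directory and that the CLR runtime header directory is populated. Because the reported sample is not available here, `build_sample_pe` constructs a minimal PE32 with the same shape (linker 80.0, OS/subsystem version 4.0, Windows GUI, entry stub FF 25 00 20 40 00) for the script to run on; it is a demo input, not the sample, and its entry RVA and layout are my choices.

```python
"""Static triage of a PE32 image for the indicators this report lists:
compile timestamp, linker version, subsystem, CLR dependency and the
FF 25 (jmp [imm32]) entry-point stub that .NET executables start with.
Added example: the bytes from build_sample_pe() are constructed for the
demo and are NOT the reported sample."""
import hashlib
import struct
from datetime import datetime, timezone

DIR_IAT, DIR_CLR = 12, 14            # data-directory indices from the PE spec
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
REPORTED_COMPILE_TIME = datetime(2015, 11, 16, 12, 46, 1, tzinfo=timezone.utc)


def rva_to_offset(sections, rva):
    """Map an RVA to a file offset using (VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)."""
    for vsize, va, rsize, raw in sections:
        if va <= rva < va + max(vsize, rsize):
            return raw + (rva - va)
    raise ValueError(f"RVA {rva:#x} not in any section")


def triage_pe(data: bytes) -> dict:
    """Parse the PE headers and report the fields a scan page shows."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = pe + 4
    _machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    image_base, = struct.unpack_from("<I", data, opt + 28)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    ndirs, = struct.unpack_from("<I", data, opt + 92)
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]
    off = rva_to_offset(sections, entry_rva)
    entry = data[off:off + 6]
    jmp_via_iat = False
    if entry[:2] == b"\xFF\x25" and len(entry) == 6:   # jmp dword ptr [imm32]
        target_rva = struct.unpack("<I", entry[2:])[0] - image_base
        iat_rva, iat_size = dirs[DIR_IAT] if ndirs > DIR_IAT else (0, 0)
        jmp_via_iat = iat_rva <= target_rva < iat_rva + iat_size
    clr_header = ndirs > DIR_CLR and dirs[DIR_CLR][0] != 0
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "compile_time": datetime.fromtimestamp(ts, timezone.utc),
        "linker_version": f"{lmaj}.{lmin}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": entry.hex(" ").upper(),
        "jmp_via_iat": jmp_via_iat,
        "clr_header": clr_header,
        "dotnet": jmp_via_iat and clr_header,
    }


def build_sample_pe(compile_time: datetime) -> bytes:
    """Construct a minimal PE32 shaped like a .NET loader stub (demo input only)."""
    image_base, text_rva, text_raw = 0x400000, 0x2000, 0x200
    text = bytearray(0x200)                       # .text: IAT slot @0, CLR header @8, stub @0x10
    struct.pack_into("<I", text, 8, 72)           # cb field of the CLR header
    text[0x10:0x16] = b"\xFF\x25" + struct.pack("<I", image_base + text_rva)
    entry_rva = text_rva + 0x10
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, int(compile_time.timestamp()), 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB9I6H4I2H6I",
                      0x10B, 80, 0,                                   # PE32, linker 80.0
                      0x200, 0, 0, entry_rva, text_rva, 0, image_base, 0x2000, 0x200,
                      4, 0, 0, 0, 4, 0,                               # OS / subsystem version 4.0
                      0, 0x4000, 0x200, 0,
                      2, 0x8540,                                      # Windows GUI subsystem
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    dirs[DIR_IAT], dirs[DIR_CLR] = (text_rva, 8), (text_rva + 8, 72)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, text_rva, 0x200, text_raw,
                       0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + opt + sect
    return headers.ljust(text_raw, b"\0") + bytes(text)


if __name__ == "__main__":
    for key, value in triage_pe(build_sample_pe(REPORTED_COMPILE_TIME)).items():
        print(f"{key:15} {value}")
```

To use it on a real file, pass `open(path, "rb").read()` to `triage_pe`; a 64-bit (PE32+) image is rejected rather than misparsed because the optional-header offsets differ.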

Powered by Reason Core Security