5csaiacyogaass.exe

Cobind

The executable 5csaiacyogaass.exe has been detected as malware by 4 anti-virus scanners. It runs as a Windows Task Scheduler task named mcsscanner, which is triggered each time a user logs in.
Publisher:
Cobind  (signed and verified)

MD5:
6d920dc4cb16ef37dd1b094443c6f3bd

SHA-1:
017946e381cb7c203bdcdd27cff4648e3b971fee

SHA-256:
f2cfb4ed01b9e3e4a7dc5f72ba000719f368c37a295704c945177f96994ab8e2

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
11/27/2024 7:52:37 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Evo-gen [Susp] | 160807-0 |
| Dr.Web | Detection.Undefined | 9.0.1.05190 |
| ESET NOD32 | MSIL/Injector.PZX trojan | 6.3 |
| Microsoft Security Essentials | Backdoor:Win32/Fynloski | 1.225.3703.0 |

File size:
721.4 KB (738,720 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\5csaiacyogaass.exe

Digital Signature
Signed by:

Authority:
Cobind

Valid from:
8/5/2016 6:36:03 AM

Valid to:
8/3/2026 6:36:03 AM

Subject:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Issuer:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Serial number:
00ABF3127C9761E782

File PE Metadata
Compilation timestamp:
8/7/2016 11:38:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:0Jk5zfRjI3/zWwznWy3gjQcNSQ8WmyQShpogKyDSGIOZ3KKW84TBS4TW/f88L:r7yPnWy33cNTQShk0wb84E4TWt

Entry address:
0xB144E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9059

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
704 KB (720,896 bytes)

Scheduled Task
Task name:
mcsscanner

Path:
\Update\mcsscanner

Trigger:
Logon (Runs on logon)

