{69fd7e70-c346-9070-bb28-c1c169fd7e70}.exe

Nero StartSmart Essentials 2009

Nero StartSmart Essentials

The executable {69fd7e70-c346-9070-bb28-c1c169fd7e70}.exe has been detected as malware by 33 anti-virus scanners. The file has been seen being downloaded from tuvaustriahellas.gr and multiple other hosts.
Publisher:
Nero StartSmart Essentials

Product:
Nero StartSmart Essentials 2009

Version:
9.0.0.1

MD5:
67388bb61df3a46cb102152300746450

SHA-1:
22c5b88aa44b555ab6e6448e300c8dbbfc47eb9b

SHA-256:
237130195cabb4d16801fc02baec3b8e9ab9692e9165fd010860305e9999dec8

Scanner detections:
33 / 68

Status:
Malware

Analysis date:
1/14/2025 10:39:56 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1517016 | 1054 |
| AhnLab V3 Security | Trojan/Win32.Redyms | 14.03.18 |
| Avira AntiVirus | TR/TorSolar.A.12 | 7.11.137.116 |
| avast! | Win32:Malware-gen | 2014.9-140318 |
| AVG | Worm/Generic3 | 2015.0.3532 |
| Baidu Antivirus | Trojan.Win32.Yakes | 4.0.3.14318 |
| Bitdefender | Trojan.GenericKD.1517016 | 1.0.20.385 |
| Bkav FE | W32.GenericNapolarG.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 17942 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1517016 | 8.14.03.18.10 |
| ESET NOD32 | Win32/Napolar | 8.9549 |
| Fortinet FortiGate | W32/Yakes.A!tr | 3/18/2014 |
| F-Prot | W32/Agent.XB.gen | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.1517016 | 11.2014-18-03_3 |
| G Data | Trojan.GenericKD.1517016 | 14.3.24 |
| IKARUS anti.virus | Trojan.Win32.Napolar | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.176.11451 |
| Kaspersky | Trojan.Win32.Yakes | 14.0.0.4153 |
| Malwarebytes | Trojan.Agent.ED | v2014.03.18.10 |
| McAfee | RDN/Generic.dx!c2g | 5600.7188 |
| Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.10302 |
| MicroWorld eScan | Trojan.GenericKD.1517016 | 15.0.0.231 |
| Norman | Obfuscated_J.OVP | 11.20140318 |
| nProtect | Trojan.GenericKD.1517016 | 14.03.15.01 |
| Panda Antivirus | Trj/Crilock.C | 14.03.18.10 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015 |
| Quick Heal | Trojan.Napolar | 3.14.12.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D | 23.00.65.14316 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNV.03AT14 | 7.2.77 |
| Trend Micro | TROJ_SPNV.03AT14 | 10.465.18 |
| Vba32 AntiVirus | SScope.Worm.Ngrbot.2414 | 3.12.24.3 |
| VIPRE Antivirus | Worm.Win32.Dorkbot.b | 27456 |

File size:
265 KB (271,360 bytes)

Product version:
9.0.0.1

Original file name:
nero.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\{69fd7e70-c346-9070-bb28-c1c169fd7e70}.exe

File PE Metadata
Compilation timestamp:
1/25/2014 8:08:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:oD/wd4AOQRBbB3cRAsoHSHl/dfX07Koq8wriOtQWuCb:oD/wd4m/beOHSHlVfX0pfAiOtbhb

Entry address:
0x1A62

Entropy:
7.0558

Code size:
48 KB (49,152 bytes)

User Start Menu Item
Name:
{69fd7e70-c346-9070-bb28-c1c169fd7e70}.exe


The file {69fd7e70-c346-9070-bb28-c1c169fd7e70}.exe has been seen being distributed by the following 5 URLs.
