9787g4fr4.exe

Fad Decompress

McAfee Inc

The executable 9787g4fr4.exe, "Eventhandlingscopeactivity Multiplexer", has been detected as malware by 36 anti-virus scanners. The file has been observed being downloaded from www.willsweb.talktalk.net.

Publisher:
McAfee Inc

Product:
Fad Decompress

Description:
Eventhandlingscopeactivity Multiplexer

Version:
3.8.33.120

MD5:
9f6ce868b6e3671afe731de8768b9c8c

SHA-1:
3babc0e3438361be692272268dde5307b08aecb7

SHA-256:
af345dfd3dac80ac16ab6bd087a21d09ec76fc5b869e709b0fe5cd2f312a278a

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
11/15/2024 2:59:56 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2988534 | 341
AegisLab AV Signature | Troj.Generickd!c | 2.1.4+
Agnitum Outpost | Trojan.Yakes | 7.1.1
AhnLab V3 Security | Trojan/Win32.Drixed | 2016.02.17
Avira AntiVirus | TR/AD.DridexDownloader.Y.39 | 8.3.3.2
avast! | Win32:Malware-gen | 2014.9-160229
AVG | Crypt5 | 2017.0.2819
Bitdefender | Trojan.GenericKD.2988534 | 1.0.20.300
Comodo Security | UnclassifiedMalware | 24230
Dr.Web | Trojan.Dridex.302 | 9.0.1.060
Emsisoft Anti-Malware | Trojan.Win32.Injector | 8.16.02.29.04
ESET NOD32 | Win32/Dridex.AA | 10.13039
Fortinet FortiGate | W32/Dridex.MO!tr | 2/29/2016
F-Prot | W32/Dridex.GS | v6.4.7.1.166
F-Secure | Trojan.GenericKD.2988534 | 11.2016-29-02_2
G Data | Trojan.GenericKD.2988534 | 16.2.25
IKARUS anti.virus | Trojan.Win32.Dridex | t3scan.2.0.6.0
K7 AntiVirus | Trojan | 13.213.18762
Kaspersky | Trojan.Win32.Yakes | 14.0.0.589
Malwarebytes | Trojan.Dridex | v2016.02.29.04
McAfee | Trojan-Dridex | 5600.6475
Microsoft Security Essentials | Backdoor:Win32/Drixed | 1.1.12400.0
MicroWorld eScan | Trojan.GenericKD.2988534 | 17.0.0.180
NANO AntiVirus | Trojan.Win32.Dridex.dzrcqd | 1.0.14.6204
nProtect | Trojan.GenericKD.2988534 | 16.02.16.01
Panda Antivirus | Trj/WLT.B | 16.02.29.04
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1120
Quick Heal | Backdoor.Drixed.rw3 | 2.16.14.00
Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16227
Sophos | Troj/Dridex-MO | 4.98
Total Defense | Win32/Remex.ZBDF!suspicious | 37.1.62.1
Trend Micro House Call | TSPY_DRIDEX.YYSQK | 7.2.60
Trend Micro | TSPY_DRIDEX.YYSQK | 10.465.29
VIPRE Antivirus | Trojan.Win32.Generic | 47258
ViRobot | Trojan.Win32.Dridex.125952[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Crypt.Win32.23103 | 2.0.0.2667

File size:
123 KB (125,952 bytes)

Product version:
3.8.33.120

Copyright:
Copyright 1995-Present McAfee Inc

Trademarks:
Copyright 1995-Present McAfee Inc

Original file name:
Fad Decompress

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\9787g4fr4.exe

File PE Metadata
Compilation timestamp:
1/14/2016 5:01:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:5dhZXi3NtQhZ4GY9pphpcMFciOGGdxEi90GNzyNc1AeRIc:5jZXiX335OGOx/90xIH

Entry address:
0xC805

Entry point:
E8, 3E, 05, 00, 00, E9, 65, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, F8, 41, 00, 89, 0D, 44, F8, 41, 00, 89, 15, 40, F8, 41, 00, 89, 1D, 3C, F8, 41, 00, 89, 35, 38, F8, 41, 00, 89, 3D, 34, F8, 41, 00, 66, 8C, 15, 60, F8, 41, 00, 66, 8C, 0D, 54, F8, 41, 00, 66, 8C, 1D, 30, F8, 41, 00, 66, 8C, 05, 2C, F8, 41, 00, 66, 8C, 25, 28, F8, 41, 00, 66, 8C, 2D, 24, F8, 41, 00, 9C, 8F, 05, 58, F8, 41, 00, 8B, 45, 00, A3, 4C, F8, 41, 00, 8B, 45, 04, A3, 50, F8, 41, 00, 8D, 45, 08, A3, 5C, F8, 41...

Entropy:
7.5048

Code size:
54 KB (55,296 bytes)

The file 9787g4fr4.exe has been seen being distributed by the following URL.