application.exe

The executable application.exe has been detected as malware by 32 anti-virus scanners. This is a setup program which is used to install the application. This trojan performs a number of actions that compromise a PC, including changing protected system registry values, hiding in protected operating system locations, and downloading and installing additional malware. The file has been seen being downloaded from update.idmsilent.net.
MD5:
085e698abe2458d49c096b57af14f2e3

SHA-1:
c033ee99629a719a5117f95782717e3f68bded94

SHA-256:
357a39163c89ba4fd4fd084171f3b9a9d96666946a608a3c44bd0e0266490a3e

Scanner detections:
32 / 68

Status:
Malware

Analysis date:
11/23/2024 12:40:11 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1609564 | 860 |
| Agnitum Outpost | Trojan.BitMiner | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Gen | 2014.08.11 |
| Avira AntiVirus | TR/Rogue.1609564 | 7.11.166.104 |
| avast! | Win32:Inject-BHU [Trj] | 2014.9-140927 |
| AVG | PSW.Generic12 | 2015.0.3338 |
| Baidu Antivirus | Trojan.MSIL.BitMiner | 4.0.3.14927 |
| Bitdefender | Trojan.GenericKD.1609564 | 1.0.20.1350 |
| Bkav FE | W32.StawingmanLTAAAI.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 19146 |
| Dr.Web | Trojan.DownLoader9.710 | 9.0.1.0270 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1609564 | 8.14.09.27.11 |
| ESET NOD32 | MSIL/Agent.NT | 8.10232 |
| Fortinet FortiGate | W32/BitMiner.HQ!tr | 9/27/2014 |
| F-Secure | Packed:MSIL/SmartIL.A | 11.2014-27-09_7 |
| G Data | Trojan.GenericKD.1609564 | 14.9.24 |
| IKARUS anti.virus | Trojan.Win32.Inject | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.183.12998 |
| Kaspersky | Trojan.MSIL.BitMiner | 14.0.0.3185 |
| Malwarebytes | Trojan.MSIL | v2014.09.27.11 |
| McAfee | RDN/Generic.grp!ha | 5600.6994 |
| Microsoft Security Essentials | Trojan:Win32/Malagent!gmb | 1.10802 |
| MicroWorld eScan | Trojan.GenericKD.1609564 | 15.0.0.810 |
| nProtect | Trojan.GenericKD.1609564 | 14.08.10.01 |
| Panda Antivirus | Trj/CI.A | 14.09.27.11 |
| Qihoo 360 Security | HEUR/Malware.QVM03.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.MSI.r3 | 9.14.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1699D610!379180560 | 23.00.65.14925 |
| Sophos | Troj/MSIL-QF | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PCN14 | 7.2.270 |
| Trend Micro | TROJ_GEN.R0CBC0PCN14 | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32094 |

File size:
393.5 KB (402,944 bytes)

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\ProgramData\microsoft net framework 4.5\application.exe

File PE Metadata
Compilation timestamp:
3/17/2014 6:56:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:1cU89Eop3grT8XC5WUWgXwhrEXdgi6MJ24ZJK1s/gT2xg7Cp5uvZnlXYOz:1TsEop36YhgghoB1Z41igGwZnhY

Entry address:
0x63C9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.8945

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
391.5 KB (400,896 bytes)

The file application.exe has been seen being distributed by the following URL.
