» autorun-killer-3.9.exe
Overview
Analysis
File Details
Downloads (2)

autorun-killer-3.9.exe

Autorun Killer

The executable autorun-killer-3.9.exe, “Delete Shortcut & Anit Autorun” has been detected as malware by 16 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from download.thaiware.com and multiple other hosts.

File name:

Publisher:

Microsoft* (Invalid match)

Product:

Autorun Killer

Description:

Delete Shortcut & Anit Autorun

Version:

3.00

MD5:

97f012e326564ebed09d061950798ce1

SHA-1:

0c16972c14bf7c5a655dc8378579075441c1c412

SHA-256:

9d9cbb37451a7973ffac11fcb9d628aad59c83a1e430308150def8fbbbd9846b

Scanner detections:

16 / 68

Status:

Malware

Analysis date:

11/23/2024 1:23:46 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Trojan.Heur.Dm0@cDHirZfi

559

Arcabit

Trojan.Heur.E558E7

1.0.0.425

avast!

Win32:Malware-gen

2014.9-150725

Bitdefender

Gen:Trojan.Heur.Dm0@cDHirZfi

1.0.20.1030

Bkav FE

HW32.Packed

1.3.0.6979

Comodo Security

UnclassifiedMalware

22839

Emsisoft Anti-Malware

Gen:Trojan.Heur.Dm0@cDHirZfi

8.15.07.25.12

F-Secure

Gen:Trojan.Heur.Dm0@cDHirZfi

11.2015-25-07_7

G Data

Gen:Trojan.Heur.Dm0@cDHirZfi

15.7.25

IKARUS anti.virus

Trojan.Win32.Spy

t3scan.1.9.5.0

McAfee

Artemis!97F012E32656

5600.6693

MicroWorld eScan

Gen:Trojan.Heur.Dm0@cDHirZfi

16.0.0.618

Trend Micro House Call

PAK_Otorun8

7.2.206

Trend Micro

PAK_Otorun8

10.465.25

VIPRE Antivirus

Trojan.Win32.Generic

42226

ViRobot

Trojan.Win32.S.Agent.475136.BU[h]

2014.3.20.0

File size:

464 KB (475,136 bytes)

Product version:

3.00

kudo-shiniji@hotmail.com

Trademarks:

Maythasit Torpakchayanan

Original file name:

Autorun Killer 3.9.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\???????????\?????????????\autorun-killer-3.9.exe

File PE Metadata

Compilation timestamp:

3/15/2013 3:04:27 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:66uu3NJ8TmaCCVn7zsH+0pfoJX8KkSjBy2:18T4o7zsXpWXRpt

Entry address:

0x1530

Entry point:

68, 08, CE, 42, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 5A, 95, 37, 01, 6A, 4E, 2C, 4A, BD, 00, 13, CB, 2A, 76, BF, CC, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 41, 75, 74, 6F, 72, 75, 6E, 5F, 4B, 69, 6C, 6C, 65, 72, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 1F, 63, 37, A5, F4, 12, 62, 51, 46, B6, 99, 98, 12, ED, ED, 6D, D3, 6F, 01, F9, 89, 44, A3, C8, 40, A1, AE, 63, 48, A0, 8F, D3, 2B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Entropy:

7.6449

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

452 KB (462,848 bytes)

The file autorun-killer-3.9.exe has been seen being distributed by the following 2 URLs.

http://download.thaiware.com/.../Autorun-Killer-3.9.exe

http://software.thaiware.com/download_url.php?id=11846

Remove autorun-killer-3.9.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.