cimco_60107-patch.exe

The executable cimco_60107-patch.exe has been detected as malware by 26 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s10799.chomikuj.pl.
MD5:
b7d64f1cd3fbcbbaaa9e82a86927f2e0

SHA-1:
c3ea5c4b37420a3ee313ec17392b65de6a75b094

SHA-256:
6ac195d5a03f8747b534ed11c55eb22bd971b9317f049dc2fdec30955f190b6f

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
12/27/2024 10:27:26 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Backdoor.Generic.542106 | 314 |
| Baidu Antivirus | HackTool.Win32.Patcher | 4.0.3.16327 |
| Bitdefender | Backdoor.Generic.542106 | 1.0.20.435 |
| Comodo Security | TrojWare.Win32.Patcher.~B | 21667 |
| Emsisoft Anti-Malware | Backdoor.Generic.542106 | 8.16.03.27.12 |
| ESET NOD32 | Win32/HackTool.Patcher.A potentially unsafe (variant) | 10.11431 |
| Fortinet FortiGate | Riskware/Patcher | 3/27/2016 |
| F-Prot | W32/Backdoor2.DXHO | v6.4.7.1.166 |
| F-Secure | Backdoor.Generic.542106 | 11.2016-27-03_1 |
| G Data | Backdoor.Generic.542106 | 16.3.25 |
| IKARUS anti.virus | possible-Threat.Patch.SuspectCRC | t3scan.1.8.9.0 |
| K7 AntiVirus | Riskware | 13.202.15494 |
| Malwarebytes | PUP.Hacktool.Patcher | v2016.03.27.12 |
| McAfee | Artemis!B7D64F1CD3FB | 5600.6448 |
| Microsoft Security Essentials | | 1.1.11502.0 |
| MicroWorld eScan | Backdoor.Generic.542106 | 17.0.0.261 |
| NANO AntiVirus | Trojan.Win32.MulDrop4.dcarpb | 0.30.8.659 |
| Norman | keygen.X | 11.20160327 |
| nProtect | Trojan/W32.Agent.20992.KE | 15.04.03.01 |
| Panda Antivirus | Generic Malware | 16.03.27.12 |
| Quick Heal | HackTool.Patcher.A | 3.16.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1272605F!309485663 | 23.00.65.16325 |
| Sophos | MassDown | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0EBF15 | 7.2.87 |
| Trend Micro | TROJ_GEN.R047C0EBF15 | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39108 |

File size:
20.5 KB (20,992 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
9/21/2006 3:33:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
384:JN3i599llngVvKiyjaFfBnKNc7vVr/NUwKD4/yVS3/FgM8/9H:P3SgVvzyWnnKNsN57/mS3/mMm9H

Entry address:
0x21A0

Entry point:
E8, 79, 0B, 00, 00, E8, B4, 0A, 00, 00, 8B, F0, 6A, 00, 68, 9E, 53, 40, 00, 56, E8, 37, 0D, 00, 00, A2, E3, 59, 40, 00, 6A, 00, 68, A5, 53, 40, 00, 56, E8, 25, 0D, 00, 00, A2, E4, 59, 40, 00, 6A, 00, 68, AC, 53, 40, 00, 56, E8, 13, 0D, 00, 00, A2, E5, 59, 40, 00, 68, 25, 55, 40, 00, 68, B6, 53, 40, 00, 56, E8, FE, 0C, 00, 00, 3C, 01, 75, 19, BE, E6, 59, 40, 00, 68, 00, 02, 00, 00, 56, 68, 25, 55, 40, 00, E8, 41, 0A, 00, 00, 8B, C6, EB, 02, 33, C0, 50, E8, 49, 0D, 00, 00, 6A, 00, E8, 52, 0A, 00, 00, A3, C0...
 

Packer / compiler:
dUP2

Code size:
8.5 KB (8,704 bytes)

The file cimco_60107-patch.exe has been seen being distributed by the following URL.
