crypter.exe

Marienkäfer Ficker v0.1

Microsoft 2012

The executable crypter.exe has been detected as malware by 21 anti-virus scanners. The file has been seen being downloaded from media02.arabsh.com.
Publisher:
Microsoft 2012

Product:
Marienkäfer Ficker v0.1

Version:
1.2.5.4

MD5:
dcfb7a85ade58b4541c18ca6e2acfc60

SHA-1:
f8fb98bbf730487d233e4d1e45a056db48b3067e

SHA-256:
c35b90eb66cc4c546ce2c373fe01679911576565a596bae16058bcb1bb8c020f

Scanner detections:
21 / 68

Status:
Malware

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
12/29/2024 4:29:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Strictor.47652 | 1136 |
| Agnitum Outpost | HackTool.Crypter | 7.1.1 |
| Avira AntiVirus | TR/Keylogger.AY | 7.11.125.244 |
| Baidu Antivirus | HackTool.MSIL.Crypter | 4.0.3.14121 |
| Bitdefender | Gen:Variant.Strictor.47652 | 1.0.20.1795 |
| Comodo Security | UnclassifiedMalware | 17647 |
| Dr.Web | Trojan.Packed.25420 | 9.0.1.021 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.47652 | 8.13.12.25.12 |
| ESET NOD32 | MSIL/HackTool.Crypter.AO | 7.9315 |
| Fortinet FortiGate | Malware_fam.NB | 12/25/2013 |
| F-Secure | Gen:Variant.Strictor.47652 | 11.2014-21-01_3 |
| G Data | Gen:Variant.Strictor.47652 | 13.12.24 |
| IKARUS anti.virus | Trojan.KeyLogger | t3scan.2.2.29 |
| K7 AntiVirus | Hacktool | 13.175.10899 |
| McAfee | Artemis!DCFB7A85ADE5 | 5600.7270 |
| MicroWorld eScan | Gen:Variant.Strictor.47652 | 15.0.0.63 |
| NANO AntiVirus | Trojan.Win32.Keylogger.csnyjd | 0.28.0.57380 |
| Norman | Troj_Generic.RTEAA | 11.20131225 |
| Sophos | Mal/Generic-S | 4.96 |
| Trend Micro House Call | TROJ_GEN.R0CBB01A214 | 7.2.21 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25632 |

File size:
884 KB (905,216 bytes)

Product version:
1.2.5.4

Copyright:
Copyright by Hitler © 1947

Original file name:
WHClabs.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\?????????????????????????????????????????????????????????????????\crypter.exe

File PE Metadata
Compilation timestamp:
6/23/2012 9:32:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:PjQQA0trnOO+UFIHg/fMMQQA0trnOO+UFIHg/f:rQQA0trnOO+vA3xQQA0trnOO+vA3

Entry address:
0x7484E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
3.4489

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
458.5 KB (469,504 bytes)

The file crypter.exe has been seen being distributed by the following URL.
