device manager.exe

Qt Designer

Digia Plc and/or its subsidiary(-ies)

The executable device manager.exe has been detected as malware by 25 anti-virus scanners. It is configured to run automatically whenever any user logs into Windows (via the local user Run registry key), under the name 'Microsoft Windows Manager'. The file has been observed being downloaded from evaporez.com.
Publisher: Digia Plc and/or its subsidiary(-ies)
Product: Qt Designer
Version: 1.0.0.0
MD5: a37ddd27fa89e8acfb0174164fc44755
SHA-1: 84f26d5fa1fdd359817f31779c4bd2dc812cca74
SHA-256: 50aab49e2f826aaec67b589597b19f73a523d4af21c2d82ad59f4ec4080b95d7
Scanner detections: 25 / 68
Status: Malware
Analysis date: 11/5/2024 1:43:42 PM UTC

Scan engine            | Detection                          | Engine version
Agnitum Outpost        | Backdoor.Androm                    | 7.1.1
Avira AntiVirus        | DR/Delphi.A.9469                   | 8.3.2.2
Arcabit                | Trojan.Generic.D2B8A91             | 1.0.0.590
avast!                 | Win32:Dropper-gen [Drp]            | 2014.9-151202
AVG                    | Inject3                            | 2016.0.2908
Baidu Antivirus        | Backdoor.Win32.Androm              | 4.0.3.15122
Bitdefender            | Trojan.GenericKD.2853521           | 1.0.20.1680
Clam AntiVirus         | Win.Trojan.Gamarue-478             | 0.98/22948
Dr.Web                 | Trojan.PWS.Siggen1.41536           | 9.0.1.0336
Emsisoft Anti-Malware  | Trojan.GenericKD.2853521           | 8.15.12.02.05
ESET NOD32             | Win32/Injector.CLWY trojan         | 6.3.12010.0
Fortinet FortiGate     | W32/Androm.IPMX!tr.bdr             | 12/2/2015
G Data                 | Trojan.GenericKD.2853521           | 15.12.25
IKARUS anti.virus      | Trojan.Win32.Injector              | t3scan.1.9.5.0
K7 AntiVirus           | Trojan                             | 13.212.17783
Kaspersky              | Backdoor.Win32.Androm              | 15.0.2.529
Malwarebytes           | Backdoor.IRCBot                    | v2015.12.02.05
McAfee                 | GenericR-EYX!A37DDD27FA89          | 5600.6564
MicroWorld eScan       | Trojan.GenericKD.2853521           | 16.0.0.1008
NANO AntiVirus         | Trojan.Win32.Androm.dymkky         | 0.30.26.4437
Panda Antivirus        | Generic Suspicious                 | 15.12.02.05
Qihoo 360 Security     | HEUR/QVM05.1.Malware.Gen           | 1.0.0.1077
Rising Antivirus       | PE:Malware.Generic/QRS!1.9E2D [F]  | 23.00.65.151130
Sophos                 | Mal/Generic-S                      | 4.98
VIPRE Antivirus        | Trojan.Win32.Generic               | 45086

File size: 853 KB (873,472 bytes)
Product version: 1.0.0.0
Copyright: Copyright (C) 2015 The Qt Company Ltd.
Original file name: designer.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral

File PE Metadata
Compilation timestamp: 12/16/2014 12:26:54 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 24576:2+x9BZJTxEox9OxYwHMmW0GO7vPiY0ttSv/:3d/xupkr6
Entry address: 0xA9520
Entry point (first bytes):
55, 8B, EC, 83, C4, F0, B8, 90, 92, 4A, 00, E8, 4C, D7, F5, FF, A1, B4, 1B, 4B, 00, 8B, 00, E8, 7C, 18, FB, FF, 8B, 0D, 34, 1D, 4B, 00, A1, B4, 1B, 4B, 00, 8B, 00, 8B, 15, B8, 89, 4A, 00, E8, 7C, 18, FB, FF, A1, B4, 1B, 4B, 00, 8B, 00, E8, F0, 18, FB, FF, E8, 77, AF, F5, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy: 6.6967
Developed / compiled with: Microsoft Visual C++
Code size: 673.5 KB (689,664 bytes)

Startup File (All Users Run)
Registry location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: Microsoft Windows Manager
Command: C:\users\zeav\m-5050453640240545040450450525\winmgr.exe

The file device manager.exe has been observed being distributed from the following URL.

Remove device manager.exe - Powered by Reason Core Security