erroorr.exe

ERROR

The application erroorr.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘745faaf47cb113ca5c6011212e59da5a’. The file has been seen being downloaded from www.exeupp.com.
Product:
ERROR

Version:
1.0.0.0

MD5:
b509eabf9e3cc9b3526947d91d43cc61

SHA-1:
1ffb3b4dd0099cd4289cdf04640580f96a1cc393

SHA-256:
9e59845f8598521cf6bdae7169fcb26d35029f18ac3d485fcc8a4e95a981c3dd

Scanner detections:
23 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 8:29:29 PM UTC

Scan engine                    Detection                   Engine version
Lavasoft Ad-Aware              Trojan.Generic.15518762     355
Agnitum Outpost                Trojan.Zapchast             7.1.1
Avira AntiVirus                TR/Krypt.48640.22           8.3.2.4
Arcabit                        Trojan.Generic.DECCC2A      1.0.0.642
avast!                         Win32:Malware-gen           2014.9-160214
AVG                            Atros2                      2017.0.2833
Baidu Antivirus                Adware.MSIL.iBryte          4.0.3.16214
Bitdefender                    Trojan.Generic.15518762     1.0.20.225
Dr.Web                         BackDoor.Bladabindi.3459    9.0.1.045
ESET NOD32                     MSIL/Kryptik.EKC (variant)  10.12880
Fortinet FortiGate             MSIL/Kryptik.EKC!tr         2/14/2016
F-Secure                       Trojan.Generic.15518762     11.2016-14-02_1
G Data                         Trojan.Generic.15518762     16.2.25
IKARUS anti.virus              Trojan.MSIL.Bladabindi      t3scan.1.9.5.0
K7 AntiVirus                   Trojan                      13.212.18450
Kaspersky                      Trojan.MSIL.Zapchast        14.0.0.661
McAfee                         RDN/Generic BackDoor        5600.6489
Microsoft Security Essentials  Backdoor:MSIL/Bladabindi    1.1.12400.0
MicroWorld eScan               Trojan.Generic.15518762     17.0.0.135
nProtect                       Trojan.Generic.15518762     16.01.15.02
Panda Antivirus                Trj/GdSda.A                 16.02.14.05
Qihoo 360 Security             HEUR/QVM03.0.Malware.Gen    1.0.0.1077
Sophos                         Mal/Generic-S               4.98

File size:
47.5 KB (48,640 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
ERROR.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\erroorr.exe

File PE Metadata
Compilation timestamp:
11/27/2015 9:16:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:sbG/+qwSJqd3rqpxqGl/U/KKR6792GqB3hc3VIQID1nREbBKK5kza09dddddrqVK:D2qwD3mpxqGl/U/KO6h3qby38H5v9ddJ

Entry address:
0xC96E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.5042

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
42.5 KB (43,520 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
745faaf47cb113ca5c6011212e59da5a

Command:
"C:\users\{user}\appdata\roaming\erroorr.exe"..


The file erroorr.exe has been seen being distributed by the following URL.
