gwhroqkhwu

Salung International Corporation

The file gwhroqkhwu has been detected as malware by 23 anti-virus scanners.
Publisher:
Salung International Corporation  (signed and verified)

MD5:
4a057fab1b76aa2f9fcefb9c40de18e6

SHA-1:
5b3bb08150363d82fe0e34f66c3e65d478f94c0b

SHA-256:
c9e58c5196e7817033b93ddc64f57250bb26f7751eb9851b2565eccfd00b7ead

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
12/29/2024 6:46:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.3352646 | 153 |
| Arcabit | Trojan.Generic.D332846 | 1.0.0.741 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-160903 |
| AVG | MSIL10 | 2017.0.2631 |
| Baidu Antivirus | MSIL.Trojan.Kryptik | 4.0.3.1693 |
| Bitdefender | Trojan.GenericKD.3352646 | 1.0.20.1235 |
| Bkav FE | W32.TdosnxASAS.Trojan | 1.3.0.8108 |
| Comodo Security | TrojWare.MSIL.Agent.GLE | 25432 |
| Dr.Web | Win32.HLLW.Phorpiex.191 | 9.0.1.0247 |
| Emsisoft Anti-Malware | Trojan.GenericKD.3352646 | 8.16.09.03.02 |
| ESET NOD32 | MSIL/Injector.PQN (variant) | 10.13792 |
| Fortinet FortiGate | MSIL/Kryptik.GNE!tr | 9/3/2016 |
| F-Prot | W32/S-35b8f270 | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.3352646 | 11.2016-03-09_7 |
| G Data | Trojan.GenericKD.3352646 | 16.9.25 |
| K7 AntiVirus | Trojan | 13.233.20214 |
| McAfee | Trojan-FIGV!4A057FAB1B76 | 5600.6287 |
| Microsoft Security Essentials | Backdoor:Win32/Kirts.A | 1.1.12902.0 |
| MicroWorld eScan | Trojan.GenericKD.3352646 | 17.0.0.741 |
| nProtect | Trojan.GenericKD.3352646 | 16.07.12.01 |
| Panda Antivirus | Trj/GdSda.A | 16.09.03.02 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Kryptik | 8920 |

File size:
142.8 KB (146,278 bytes)

Common path:
C:\users\{user}\appdata\local\temp\gwhroqkhwu

Digital Signature
Authority:
Salung International Corporation

Valid from:
6/25/2016 12:45:36 AM

Valid to:
6/26/2026 12:45:36 AM

Subject:
E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Issuer:
E=sales@salung.com, CN=www.salung.com, OU=Sales Department, O=Salung International Corporation, L=Columbus, S=Ohio, C=US

Serial number:
00866E0A24F3686932

File PE Metadata
Compilation timestamp:
6/27/2016 12:21:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:4kzMJ1kWJW4BCK8XJDrFzAF7Ur4qAftQNPdkr:JzMJ1bBCK8f87w4qAftGCr

Entry address:
0x1533E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
80 KB (81,920 bytes)
