» hdrmcshrzzmzbxj.exe
Overview
Analysis
File Details
Downloads (1)

hdrmcshrzzmzbxj.exe

Product

aTIYVbs9y0hKJM3PGAXebdYM4e0KPe

The executable hdrmcshrzzmzbxj.exe, “NkR2F5O1z9z6v3VXccZr6RhYzm0xAv” has been detected as malware by 8 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from s2.sfcdn.in.

File name:

hdrmcshrzzmzbxj.exe

Publisher:

aTIYVbs9y0hKJM3PGAXebdYM4e0KPe

Product:

*Product*

Description:

NkR2F5O1z9z6v3VXccZr6RhYzm0xAv

Version:

9.3.5.1

MD5:

997f4b1e8efaa93d7114d4020aa1c08d

SHA-1:

60294459a9e1fdc9dfd0e427cf09b2b2afa981ab

SHA-256:

03046681e2f62a12ec1ef1318071ddeffd337dc3238794bc6bb65bb337285144

Scanner detections:

8 / 68

Status:

Malware

Analysis date:

11/5/2024 10:09:51 PM UTC (today)

Scan engine

Detection

Engine version

avast!

MSIL:GenMalicious-L [Trj]

160414-2

Dr.Web

Win32.HLLW.Autoruner.25074

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Kazy.296255

16.06.28

ESET NOD32

MSIL/Bladabindi.P trojan

8.0.319.0

Kaspersky

Trojan.MSIL.Agent

15.0.0.562

Microsoft Security Essentials

Threat.Undefined

1.223.2775.0

Norman

Gen:Variant.Kazy.296255

28.05.2016 15:32:18

VIPRE Antivirus

Threat.4150696

50222

File size:

220.5 KB (225,792 bytes)

Product version:

9.3.5.1

IyevY0xBYAePBZt

Original file name:

assemblychange.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\temp\hdrmcshrzzmzbxj.exe

File PE Metadata

Compilation timestamp:

11/19/2013 4:17:40 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:qK0SwSNqgSTp3bUZ84QXCbd3K82PLnrPkh9JN5b/:qIwQGRbfJCJ68GsTFr

Entry address:

0x37FAE

Entry point:

FF, 25, 00, 20, 40, 00, 42, 75, 69, 6C, 74, 20, 75, 73, 69, 6E, 67, 20, 61, 6E, 20, 65, 76, 61, 6C, 75, 61, 74, 69, 6F, 6E, 20, 76, 65, 72, 73, 69, 6F, 6E, 20, 6F, 66, 20, 39, 52, 61, 79, 73, 2E, 4E, 65, 74, 20, 53, 70, 69, 63, 65, 73, 2E, 4F, 62, 66, 75, 73, 63, 61, 74, 6F, 72, 2E, 20, 54, 68, 69, 73, 20, 73, 6F, 66, 74, 77, 61, 72, 65, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 64, 69, 73, 74, 72, 69, 62, 75, 74, 65, 64, 2E, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.8819

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

216.5 KB (221,696 bytes)

The file hdrmcshrzzmzbxj.exe has been seen being distributed by the following URL.

http://s2.sfcdn.in/Njc1ZDFhZjRmN2Y2NjBhMjY4YzhkNDEzOTRhZWU0N2QyZDkyNjRjZToxVmoxNDc6bEU0X0dDR1FKOTZ3N2hLMTRvd1RCaVRwcEdV/.../update.exe

Remove hdrmcshrzzmzbxj.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.