image1431222.scr

KxhVimCi

Samoa

The file image1431222.scr has been detected as malware by 30 anti-virus scanners. The file has been seen being downloaded from doc-0c-bk-docs.googleusercontent.com.
Publisher:
Samoa  (signed and verified)

Product:
KxhVimCi

Version:
3.7.3.3

MD5:
7ac80d5857cb5cdb20fca413b78547af

SHA-1:
3eba522c3faae257ff69ceedf825d27640ec5817

SHA-256:
44b63d8e6d674d3fc5efe562eae0e8f6b1f72eaf6e5dc775010a593178f65981

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
2/25/2025 10:01:01 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2393983 | 363 |
| Agnitum Outpost | Trojan.Inject | 7.1.1 |
| Avira AntiVirus | TR/Krypt.929552 | 8.3.1.6 |
| Arcabit | Trojan.Generic.D24877F | 1.0.0.425 |
| avast! | MSIL:Broban-C [Trj] | 2014.9-160206 |
| AVG | Atros | 2017.0.2841 |
| Baidu Antivirus | Trojan.MSIL.Inject | 4.0.3.1626 |
| Bitdefender | Trojan.GenericKD.2393983 | 1.0.20.185 |
| Dr.Web | Trojan.PWS.Steam.2447 | 9.0.1.037 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2393983 | 8.16.02.06.11 |
| ESET NOD32 | MSIL/Kryptik.BYP (variant) | 10.11796 |
| Fortinet FortiGate | MSIL/Kryptik.BYP!tr | 2/6/2016 |
| F-Secure | Trojan.GenericKD.2393983 | 11.2016-06-02_7 |
| G Data | Trojan.GenericKD.2393983 | 16.2.25 |
| IKARUS anti.virus | Trojan.MSIL.Inject | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.205.16253 |
| Kaspersky | Trojan.MSIL.Inject | 14.0.0.700 |
| Malwarebytes | Trojan.Agent.DHA | v2016.02.06.11 |
| McAfee | Artemis!7AC80D5857CB | 5600.6497 |
| MicroWorld eScan | Trojan.GenericKD.2393983 | 17.0.0.111 |
| NANO AntiVirus | Trojan.Win32.Inject.drqlop | 0.30.24.2086 |
| nProtect | Trojan.GenericKD.2393983 | 15.06.16.01 |
| Panda Antivirus | Trj/CI.A | 16.02.06.11 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.MSI.r3 | 2.16.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R021C0EEI15 | 7.2.37 |
| Trend Micro | TROJ_GEN.R021C0EEI15 | 10.465.06 |
| Vba32 AntiVirus | Trojan.MSIL.Inject | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 41188 |

File size:
907.8 KB (929,552 bytes)

Product version:
3.7.3.3

Copyright:
Copyright KxhVimCi © 2015

Original file name:
KxhVimCi.exe

Common path:
C:\users\{user}\downloads\image1431222.scr

Digital Signature
Signed by:

Authority:
Samoa

Valid from:
5/2/2015 7:26:37 PM

Valid to:
5/1/2016 7:26:37 PM

Subject:
E=n@a.com, CN=www.cacert.cake, OU=Samoa, L=Samoa, O=Samoa, S=American, C=as

Issuer:
E=n@a.com, CN=www.cacert.cake, OU=Samoa, L=Samoa, O=Samoa, S=American, C=as

Serial number:
00

File PE Metadata
Compilation timestamp:
5/10/2015 4:53:30 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:Ghdt+GcWxMN2U+hVkGgF7Y7fEYWBHSvkzMRMYHAF:4tHxW2U+hVkGUCflX8

Entry address:
0xCDFBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 90, 00, 00, 80, 18, 00, 00, 00, C0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
816 KB (835,584 bytes)

The file image1431222.scr has been seen being distributed by the following URL.
