image_04040.scr

HTTP Analyzer Stand-alone

Anqing Inspector Software Ltd.

The file image_04040.scr, “HTTP Analyzer Stand-Alone Edition”, has been detected as malware by 24 anti-virus scanners.
Publisher:
IEInspector Software  (signed by Anqing Inspector Software Ltd.)

Product:
HTTP Analyzer Stand-alone

Description:
HTTP Analyzer Stand-Alone Edition

Version:
7.5.4.459

MD5:
5ca59075cb270a61cf261c0862ec25e3

SHA-1:
d31d455ef6c963a712f594c4828e141b3714a925

SHA-256:
2bf710ccf833a6827cf61d2c0ef1308f68fd212b9a8e2484a94ae3d2b80e8254

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
11/15/2024 9:17:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.13133569 | 15 |
| Agnitum Outpost | Backdoor.DarkKomet | 7.1.1 |
| avast! | MSIL:Agent-CUU [Trj] | 2014.9-170119 |
| AVG | MSIL7 | 2018.0.2493 |
| Baidu Antivirus | Backdoor.Win32.DarkKomet | 4.0.3.17119 |
| Bitdefender | Trojan.Generic.13133569 | 1.0.20.95 |
| Emsisoft Anti-Malware | Trojan.Generic.13133569 | 8.17.01.19.07 |
| ESET NOD32 | MSIL/Injector.IRP (variant) | 11.11520 |
| Fortinet FortiGate | MSIL/Injector.IRP!tr | 1/19/2017 |
| F-Secure | Trojan.Generic.13133569 | 11.2017-19-01_5 |
| G Data | Trojan.Generic.13133569 | 17.1.25 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.1.8.9.0 |
| K7 AntiVirus | Trojan | 13.203.15685 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.-1039 |
| McAfee | Artemis!5CA59075CB27 | 5600.6149 |
| MicroWorld eScan | Trojan.Generic.13133569 | 18.0.0.57 |
| NANO AntiVirus | Trojan.Win32.DarkKomet.dpuzxh | 0.30.20.1219 |
| nProtect | Trojan.Generic.13133569 | 15.04.23.01 |
| Panda Antivirus | Trj/CI.A | 17.01.19.07 |
| Qihoo 360 Security | Win32/Trojan.Dropper.81b | 1.0.0.1015 |
| Sophos | Mal/MSIL-NX | 4.98 |
| Trend Micro House Call | TROJ_GEN.R08NC0VDA15 | 7.2.19 |
| Trend Micro | TROJ_GEN.R08NC0VDA15 | 10.465.19 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39604 |

File size:
1 MB (1,080,320 bytes)

Product version:
7.5.4.459

Language:
English (United States)

Common path:
C:\users\{user}\downloads\image_04040.scr

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
5/3/2013 4:04:49 PM

Valid to:
5/3/2016 4:04:49 PM

Subject:
E=support@ieinspector.com, CN=Anqing Inspector Software Ltd., O=Anqing Inspector Software Ltd., L=Anqing, S=An Hui, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A899727DD60BA5D63D7DA72283C949C2

File PE Metadata
Compilation timestamp:
3/23/2015 7:39:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xE0F5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.8860

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
892 KB (913,408 bytes)
