inteltecnolocishwwk.gif

The file inteltecnolocishwwk.gif has been detected as malware by 23 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘Java_Plugin_Inteltecnolocis’.
MD5:
8cf9eb5d3f5900f435d07e4f0935c40a

SHA-1:
d1a8544bd9718faa67ddd93f6670fddfaa73700a

SHA-256:
03bba14046e8186ba3daebb6335156af52ce2948cf4718b002c6aaa0d4259b50

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
11/29/2024 4:37:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Agent.CEKT | -41 |
| AhnLab V3 Security | Malware/Win32.Generic.C1638787 | 3.8.3.16 |
| Avira AntiVirus | TR/Downloader.Gen7 | 8.3.3.4 |
| Arcabit | Trojan.Agent.CEKT | 1.0.0.798 |
| AVG | Generic38 | 2018.0.2437 |
| Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.17316 |
| Bitdefender | Trojan.Agent.CEKT | 1.0.20.375 |
| Emsisoft Anti-Malware | Trojan.Agent.CEKT | 8.17.03.16.12 |
| Fortinet FortiGate | W32/Injector.fam!tr | 3/16/2017 |
| F-Prot | W32/DelfInject.A.gen | v6.4.7.1.166 |
| F-Secure | Trojan.Agent.CEKT | 11.2017-16-03_5 |
| G Data | Trojan.Agent.CEKT | 17.3.A:25.11145B:25.9064 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1318 |
| McAfee | GenericR-JJJ!8CF9EB5D3F59 | 5600.6093 |
| Microsoft Security Essentials | Trojan:Win32/Dynamer!ac | 1.1.13504.0 |
| MicroWorld eScan | Trojan.Agent.CEKT | 18.0.0.225 |
| Panda Antivirus | Trj/GdSda.A | 17.03.16.12 |
| Qihoo 360 Security | HEUR/QVM25.0.0000.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | Malware.Generic.4!tfe (thunder:4:RyNA7s0S8xD) | 23.00.65.17314 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1C0FC917 | 7.2.75 |
| Trend Micro | TROJ_GEN.R0C1C0FC917 | 10.465.16 |
| VIPRE Antivirus | Trojan.Win32.Generic | 56588 |

File size:
91 KB (93,184 bytes)

Common path:
C:\windows\temp\inteltecnolocishwwk.gif

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x13518

Entry point:
55, 8B, EC, 83, C4, BC, 53, 56, 57, 33, C0, 89, 45, C0, 89, 45, BC, B8, A0, 34, 41, 00, E8, ED, 20, FF, FF, 33, C0, 55, 68, 70, 36, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 4B, 36, 41, 00, 64, FF, 32, 64, 89, 22, B8, 98, 58, 41, 00, BA, 88, 36, 41, 00, E8, AE, 04, FF, FF, B8, 9C, 58, 41, 00, BA, A4, 36, 41, 00, E8, 9F, 04, FF, FF, 33, C0, A3, 7C, 58, 41, 00, 33, C0, A3, 80, 58, 41, 00, C7, 05, 8C, 58, 41, 00, 01, 00, 00, 00, A1, 98, 58, 41, 00, E8, C5, 06, FF, FF, A3, 7C, 58, 41, 00, C7, 05, 84, 58...

Developed / compiled with:
Microsoft Visual C++

Code size:
74 KB (75,776 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Java_Plugin_Inteltecnolocis

Command:
rundll32.exe "C:\windows\temp\inteltecnolocishwwk.gif",""

