love this chat.exe

Remote Service Application

Microsoft Corp.

The executable love this chat.exe has been detected as malware by 46 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from s1.directxex.com.
Publisher:
Microsoft Corp.

Product:
Remote Service Application

Version:
1, 0, 0, 1

MD5:
bd77e2f16aae6adf11efecdc41177219

SHA-1:
5aaf16131b29e3dd7516875bba2b776295e21ed5

SHA-256:
13ef1389636dbf4e9026285792bc995cd71a62d6dcfa561232a4f74fef2a90ee

Scanner detections:
46 / 68

Status:
Malware

Analysis date:
11/30/2024 3:37:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Backdoor.Fynloski.C | 976 |
| AhnLab V3 Security | Backdoor/Win32.DarkKomet | 2014.06.03 |
| Avira AntiVirus | BDS/Backdoor.Gen | 7.11.152.208 |
| avast! | Win32:Agent-ASXK [Trj] | 2014.9-140603 |
| AVG | BackDoor.Generic15 | 2015.0.3454 |
| Baidu Antivirus | Trojan.Win32.Fynloski | 4.0.3.1463 |
| Bitdefender | Backdoor.Fynloski.C | 1.0.20.770 |
| Bkav FE | W32.KeylogEteLTZ | 1.3.0.4959 |
| Comodo Security | TrojWare.Win32.Fynloski.B | 18421 |
| Dr.Web | BackDoor.Comet.884 | 9.0.1.0154 |
| Emsisoft Anti-Malware | Backdoor.Fynloski | 8.14.06.03.03 |
| ESET NOD32 | Win32/Fynloski.AA | 8.9887 |
| Fortinet FortiGate | W32/DarkKomet.ID!tr.bdr | 6/3/2014 |
| F-Prot | W32/Downloader.C.gen | v6.4.7.1.166 |
| F-Secure | Backdoor.Fynloski.C | 11.2014-03-06_3 |
| G Data | Backdoor.Fynloski | 14.6.24 |
| IKARUS anti.virus | Trojan.Win32.CDur | t3scan.1.6.1.0 |
| K7 AntiVirus | Backdoor | 13.178.12292 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.3767 |
| Malwarebytes | Backdoor.Agent.DCRSAGen | v2014.06.03.03 |
| McAfee | Generic.gj | 5600.7110 |
| Microsoft Security Essentials | Backdoor:Win32/Fynloski.A | 1.10600 |
| MicroWorld eScan | Backdoor.Fynloski.C | 15.0.0.462 |
| NANO AntiVirus | Trojan.Win32.DarkKomet.cssoim | 0.28.0.60100 |
| Norman | Downloader.HJVR | 11.20140603 |
| nProtect | Backdoor.Fynloski.C | 14.06.03.01 |
| Panda Antivirus | Generic Trojan | 14.06.03.03 |
| Qihoo 360 Security | Malware.QVM01.Gen | 1.0.0.1015 |
| Quick Heal | Backdoor.Fynloski.A9 | 6.14.14.00 |
| Rising Antivirus | PE:Backdoor.Pontoeb!1.6637 | 23.00.65.14601 |
| Sophos | Troj/Backdr-ID | 4.98 |
| Total Defense | Win32/Fynloski.DY | 37.0.10976 |
| Trend Micro House Call | TROJ_AGENT_058807.TOMB | 7.2.154 |
| Trend Micro | TROJ_AGENT_058807.TOMB | 10.465.03 |
| VIPRE Antivirus | Backdoor.Win32.Fynloski.A | 29898 |
| ViRobot | Backdoor.Win32.Agent.674304.A[UPX] | 2011.4.7.4223 |

File size:
530 KB (542,720 bytes)

Product version:
4, 0, 0, 0

Copyright:
Copyright (C) 1999

Original file name:
MSRSAAP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/7/2012 8:59:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:fcW7KEZlPzCy37Vl9NCB6yUEj0KS3NNyhqMFmcH:BKiRzC090BB0h3NuqMFm

Entry address:
0x136350

Entry point:
60, BE, 00, B0, 4B, 00, 8D, BE, 00, 60, F4, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
Entropy:
7.8867

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
496 KB (507,904 bytes)

The file love this chat.exe has been seen being distributed by the following URL.