main.exe

Kemeda

The executable main.exe has been detected as malware by 22 of 68 anti-virus scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), registered under the display name ‘Microsoft Updater’ while the binary itself runs from the user's Temp directory.
Publisher:
Kemeda  (signed; the signing certificate is self-signed, with identical Subject and Issuer, so the signature does not chain to a trusted root and cannot be verified as a trusted Authenticode signature)

Version:
1.0.0.0

MD5:
52cdd67bcbe071fd805bd5f9a07ac92d

SHA-1:
0471eb9b26f747d6cbbb608f72d24ac7f96b87aa

SHA-256:
2caed54ba9a862572d8c15cd2cb229061a233dff4da18c50816c2b9801750dec

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
12/28/2024 4:28:49 PM UTC

Scan engine                     Detection                         Engine version
Lavasoft Ad-Aware               Gen:Variant.MSILPerseus.1580      258
Agnitum Outpost                 Trojan.Inject                     7.1.1
Avira AntiVirus                 TR/Dropper.MSIL.222732            8.3.2.4
Arcabit                         Trojan.MSILPerseus.D62C           1.0.0.628
avast!                          Win32:Malware-gen                 2014.9-160522
Bitdefender                     Gen:Variant.MSILPerseus.1580      1.0.20.715
Dr.Web                          Trojan.PWS.Siggen1.43791          9.0.1.0143
Emsisoft Anti-Malware           Gen:Variant.MSILPerseus.1580      8.16.05.22.07
ESET NOD32                      MSIL/Injector.MIX (variant)       10.12672
Fortinet FortiGate              W32/Inject.DCXD!tr                5/22/2016
G Data                          Gen:Variant.MSILPerseus.1580      16.5.25
K7 AntiVirus                    Trojan                            13.212.18027
Kaspersky                       Trojan.MSIL.Inject                14.0.0.173
McAfee                          Artemis!52CDD67BCBE0              5600.6392
Microsoft Security Essentials   VirTool:MSIL/Injector.HG          1.1.12300.0
MicroWorld eScan                Gen:Variant.MSILPerseus.1580      17.0.0.429
NANO AntiVirus                  Trojan.Win32.Inject.dyrskj        0.30.26.5051
Panda Antivirus                 Trj/CI.A                          16.05.22.07
Qihoo 360 Security              Win32/Trojan.Dropper.26e          1.0.0.1077
Sophos                          Mal/Generic-S                     4.98
Trend Micro                     TROJ_GEN.R00JC0EKJ15              10.465.22
VIPRE Antivirus                 Trojan.Win32.Generic              45614

The detections are generic or heuristic names for a .NET (MSIL) injector/dropper rather than a named family. McAfee's Artemis!52CDD67BCBE0 is a cloud-reputation hit keyed on the leading 12 hex digits of the file's MD5, so it confirms the hash rather than adding an independent verdict.

File size:
1 MB (1,086,952 bytes)

Product version:
1.0.0.0

Original file name:
torax.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\main.exe

Digital Signature
Signed by:

Authority:
Kemeda

Valid from:
10/22/2015 12:07:25 AM

Valid to:
10/22/2016 12:07:25 AM

Subject:
CN=www.kemeda.pt, O=Kemeda, L=Lisboa, S=Lisboa, C=PK

Issuer:
CN=www.kemeda.pt, O=Kemeda, L=Lisboa, S=Lisboa, C=PK

Subject and Issuer are identical: the certificate is self-signed, not issued by a public CA, so Windows will not treat the signature as trusted. The country field C=PK (Pakistan) also contradicts the Lisboa locality, a further sign that the publisher details are not reliable.

Serial number:
008C6590B70633A028

File PE Metadata
Compilation timestamp:
11/9/2015 9:36:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:wpbqzkNI87XJ44T1ww9gs2mm6YbhMSgTv/N5T3:SGV8VXJwLPGSMN57

Entry address:
0x10A49E

Entry point:
FF, 25, 00, 20, 40, 00, followed by zero padding (00, 00, ...)
The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x00402000]: the standard entry stub of a .NET PE32 executable, which jumps through the import address table entry for mscoree!_CorExeMain so the CLR loads the managed entry point. The stub is identical in benign .NET programs and is not a detection signal by itself; the managed code behind it is what the scanners flag as an injector.

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,082,880 bytes)
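The PE fields listed in this section (.NET CLR dependency, linker and OS version, subsystem, compilation timestamp and the FF 25 entry stub) can all be read from the PE headers without running the file. The parser below is an added example written for this page, not code from the report or from Reason Core Security. It handles PE32 only, as the sample is Win32, and it checks the .NET status by looking at data-directory slot 14 (the CLR runtime header) rather than trusting the import table. The built-in sample image is constructed: it carries the report's stub bytes, "80.0" linker value, OS version 4.0 and GUI subsystem in a tiny layout, uses a made-up CLR header RVA and size, and assumes the report's compilation stamp is UTC; it is not the analysed file and would not run.

```python
import struct
from datetime import datetime, timezone

COM_DESCRIPTOR_DIR = 14   # data-directory slot of the CLR runtime header (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section table (VirtualAddress, SizeOfRawData, PointerToRawData)."""
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return raw_ptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} falls outside every section")


def inspect_pe(data: bytes) -> dict:
    """Pull the fields the report lists from a PE32 image and decode the entry-point stub."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 is handled here; the report's sample is Win32")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_rva = clr_size = 0
    if ndirs > COM_DESCRIPTOR_DIR:
        clr_rva, clr_size = struct.unpack_from("<II", data, opt + 96 + 8 * COM_DESCRIPTOR_DIR)
    sections = []
    for i in range(nsections):
        _, _, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, raw_size, raw_ptr))
    entry_off = _rva_to_offset(entry_rva, sections)
    stub = data[entry_off:entry_off + 6]
    # FF 25 disp32 is "jmp dword ptr [disp32]"; a .NET PE32 starts with exactly this,
    # jumping through the IAT slot that holds mscoree!_CorExeMain.
    jmp_slot = struct.unpack_from("<I", stub, 2)[0] if stub[:2] == b"\xFF\x25" else None
    is_dotnet = clr_rva != 0 and clr_size != 0
    return {
        "machine": machine,
        "compiled_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": "Windows GUI" if subsystem == 2 else "Windows CUI" if subsystem == 3 else str(subsystem),
        "linker_version": f"{maj_link}.{min_link}",
        "is_dotnet": is_dotnet,
        "entry_rva": entry_rva,
        "entry_bytes": stub.hex(" ").upper(),
        "jmp_slot_rva": None if jmp_slot is None else jmp_slot - image_base,
        "is_clr_entry_stub": is_dotnet and jmp_slot is not None,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (not the analysed file; it would not run) carrying the
    report's entry stub bytes, linker/OS versions, GUI subsystem and a CLR header entry."""
    image_base, text_rva, text_raw = 0x400000, 0x2000, 0x200
    entry_rva = text_rva + 0x10
    code = bytearray(0x200)
    code[0x10:0x16] = b"\xFF\x25\x00\x20\x40\x00"          # jmp dword ptr [0x00402000]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    # 0x56406921 = 2015-11-09 09:36:33 UTC, the report's compilation stamp assumed to be UTC.
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x56406921, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 80, 0)          # PE32, linker "80.0" as displayed
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<II", opt, 32, 0x2000, 0x200)         # section / file alignment
    struct.pack_into("<HH", opt, 40, 4, 0)                  # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * COM_DESCRIPTOR_DIR, 0x2008, 0x48)  # CLR header (made-up RVA/size)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, text_rva, 0x200, text_raw, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section).ljust(text_raw, b"\0")
    return headers + bytes(code)


if __name__ == "__main__":
    for key, value in inspect_pe(build_sample_pe()).items():
        shown = f"{value:#x}" if isinstance(value, int) and not isinstance(value, bool) else value
        print(f"{key:<18} {shown}")
```

Against a real file, call inspect_pe(open(path, "rb").read()); the entry RVA it returns is what the report shows as "Entry address", and jmp_slot_rva is the IAT slot the stub reads, which in compiler-produced .NET binaries is normally 0x2000.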

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Microsoft Updater

Command:
"C:\users\{user}\appdata\local\temp\main.exe" 548239


Remove main.exe - Powered by Reason Core Security