» newsleecher.exe
Overview
Analysis
File Details

newsleecher.exe

Crystal Art Software

The executable newsleecher.exe has been detected as malware by 19 anti-virus scanners.

File name:

newsleecher.exe

Publisher:

Crystal Art Software (signed and verified)

Description:

Just let it Go

Version:

5.0.0.0

MD5:

3a4bb3dd750ca3c8aa2b87e435126721

SHA-1:

4edf3206f7bc4f81e5881935e18aa86f532c739b

SHA-256:

a660eb28adbaea04920531b5caadcefafd652b40da4280bb99ab0721015b7ba6

Scanner detections:

19 / 68

Status:

Malware

Analysis date:

12/26/2024 3:19:34 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Backdoor.Agent

7.1.1

Avira AntiVirus

TR/Dropper.Gen

7.11.203.220

avast!

Win32:Malware-gen

2014.9-150508

AVG

Luhe.MalMSIL.B

2016.0.3115

Comodo Security

Backdoor.Win32.Generic.2263260

20789

Dr.Web

Trojan.MulDrop.50098

9.0.1.0128

ESET NOD32

MSIL/TrojanDropper.Binder.AS (variant)

9.11050

Fortinet FortiGate

MSIL/Agent.LF!tr

5/8/2015

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.8.6.0

K7 AntiVirus

Riskware

13.191.14711

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.2072

McAfee

Artemis!3A4BB3DD750C

5600.6771

NANO AntiVirus

Trojan.Win32.Cybergate.ddfvpn

0.30.0.64812

Norman

Troj_Generic.JKXNU

11.20150508

Qihoo 360 Security

HEUR/Malware.QVM06.Gen

1.0.0.1015

Sophos

Generic PUA EB

4.98

Vba32 AntiVirus

Trojan.Genome.26105

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

36850

Zillya! Antivirus

Dropper.Binder.Win32.7389

2.0.0.2042

File size:

6.3 MB (6,619,975 bytes)

Product version:

1.1.1.1

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\newsleecher\newsleecher.exe

Digital Signature

Signed by:

Crystal Art Software

Authority:

COMODO CA Limited

Valid from:

9/17/2013 2:00:00 AM

Valid to:

9/18/2018 1:59:59 AM

Subject:

CN=Crystal Art Software, O=Crystal Art Software, STREET=Nicolai Eigtveds Gade 36 5, L=Copenhagen, S=Copenhagen, PostalCode=1402, C=DK

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

509B9132673E50CA73F062C0C06E9A09

File PE Metadata

Compilation timestamp:

1/24/2014 4:21:37 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:xgHU7LqDlWfWTH1qk1fVfXc98cpR8PpNwaeY3CLtmyQUts79GpxQfw6vMkKww1zS:xmVfXc5uNv2pBQGs79JP1wdtGV5

Entry address:

0x52E8BC

Entry point:

55, 8B, EC, B9, 2F, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 94, A4, 91, 00, E8, 1C, D4, AD, FF, 33, C0, 55, 68, 23, FA, 92, 00, 64, FF, 30, 64, 89, 20, A1, E4, 17, 94, 00, C6, 00, 00, A1, 44, 1F, 94, 00, 0F, B6, 00, 8B, 15, E4, 17, 94, 00, 88, 02, 33, D2, 55, 68, BC, F7, 92, 00, 64, FF, 32, 64, 89, 22, A1, 74, 1C, 94, 00, 8B, 00, E8, 48, 35, BD, FF, A1, 74, 1C, 94, 00, 8B, 00, BA, 44, FA, 92, 00, E8, 53, 2F, BD, FF, A1, 5C, 15, 94, 00, C6, 00, 01, A1, 44, 1F, 94, 00, 80, 38, 00, 74, 10, A1... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

5.2 MB (5,434,880 bytes)

Remove newsleecher.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.