» parallel-30.exe
Overview
Analysis
File Details
Behaviors (1)

parallel-30.exe

MediaArea.net

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘parallel-6’.

File name:

parallel-30.exe

Publisher:

MediaArea.net (signed and verified)

MD5:

2d73d37faea0c6d4748a7f3ab20e4a27

SHA-1:

3802bdd6849bf2879db60745b8daf5cb6d62ab39

Scanner detections:

4 / 68

Status:

Inconclusive (probably just false positive detections)

Analysis date:

11/24/2024 6:02:49 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Trojan-gen

160917-0

Dr.Web

Trojan.Nymaim.36

9.0.1.05190

ESET NOD32

Win32/Kryptik.FDXA trojan

6.3.12010.0

Microsoft Security Essentials

Trojan:Win32/Pennelas.B!cl

1.233.3817.0

File size:

938.1 KB (960,624 bytes)

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\documents and settings\all users\parallel-92\parallel-30.exe

Digital Signature

Signed by:

MediaArea.net

Authority:

COMODO CA Limited

Valid from:

9/16/2011 2:00:00 AM

Valid to:

9/16/2012 1:59:59 AM

Subject:

CN=MediaArea.net, O=MediaArea.net, STREET=Chemin du Vernay, L=Curienne, S=France, PostalCode=73190, C=FR

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00FB6841B530E64E523F2FCEE41565F123

File PE Metadata

Compilation timestamp:

12/3/2005 9:19:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

3.201

Entry address:

0x2730

Entry point:

68, E8, 03, 00, 00, 6A, 40, FF, 15, 33, 44, 43, 00, 8B, F8, 66, 0B, C0, 74, 0B, 6A, 21, 50, 6A, 0B, E8, 04, 00, 00, 00, C3, FF, D0, C3, BF, 11, 86, 00, 00, EB, 13, FF, 15, 37, 44, 43, 00, 8B, F0, A3, 8E, 66, 43, 00, A3, 92, 66, 43, 00, 4F, 0B, FF, 75, E9, 8B, EC, 81, EC, 50, 07, 00, 00, 33, C0, 50, FF, 35, 4A, 85, 43, 00, FF, 15, 17, 44, 43, 00, 08, C0, 0F, 85, EB, 25, 00, 00, B9, 0E, DD, 00, 00, 89, 0D, 65, 61, 43, 00, 8B, 1D, CB, 60, 43, 00, 81, EB, 75, 0B, 00, 00, 89, 1D, CB, 60, 43, 00, BB, A7, B7, 00... 
[+]

Code size:

32 KB (32,768 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

parallel-6

Command:

C:\documents and settings\all users\parallel-92\parallel-30.exe -87

Scan parallel-30.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.