» pps-qq-19.exe
Overview
Analysis
File Details
Downloads (1)

pps-qq-19.exe

The application pps-qq-19.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dysy.storial.ru.

File name:

pps-qq-19.exe

MD5:

d53bd855e3aab9870122541164d13240

SHA-1:

0259d836f78ba217a92f6e37f750becba749364a

SHA-256:

2286ff2ac5bdb5f5e24b682024313781e81be69cfac7af6a5f197c18007488a6

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 12:04:05 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.795781

369

AegisLab AV Signature

Variant.Kazy

2.1.4+

Agnitum Outpost

Trojan.Kryptik

7.1.1

AhnLab V3 Security

Trojan/Win32.Mytonel

2016.01.29

Avira AntiVirus

TR/Crypt.ZPACK.Gen

8.3.2.4

Arcabit

Trojan.Kazy.DC2485

1.0.0.646

avast!

Win32:Malware-gen

2014.9-160131

AVG

Win32/Cryptor

2017.0.2847

Baidu Antivirus

Adware.Win32.iBryte

4.0.3.16131

Bitdefender

Gen:Variant.Kazy.795781

1.0.20.155

Bkav FE

HW32.Packed

1.3.0.7400

Emsisoft Anti-Malware

Gen:Variant.Kazy.795781

8.16.01.31.11

ESET NOD32

Win32/Kryptik.ELPP (variant)

10.12940

Fortinet FortiGate

W32/Kryptik.ELCZ!tr

1/31/2016

F-Secure

Gen:Variant.Kazy.795781

11.2016-31-01_1

G Data

Gen:Variant.Kazy.795781

16.1.25

Malwarebytes

Trojan.Crypt

v2016.01.31.11

McAfee

Artemis!D53BD855E3AA

5600.6503

Microsoft Security Essentials

TrojanDownloader:Win32/Mytonel.A

1.1.12400.0

MicroWorld eScan

Gen:Variant.Kazy.795781

17.0.0.93

Panda Antivirus

Generic Suspicious

16.01.31.11

Qihoo 360 Security

QVM20.1.Malware.Gen

1.0.0.1077

Rising Antivirus

PE:Malware.Generic(Thunder)!1.A1C4 [F]

23.00.65.16129

File size:

1.4 MB (1,432,064 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\pps-qq-19.exe

File PE Metadata

Compilation timestamp:

7/17/2011 10:00:53 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

24576:XOf1PD0DeoRj7zI0N2IF6avv1+71v1L5u4+2T6gf:XBDZ1zp6kK1v1L5u4J

Entry address:

0x2103

Entry point:

83, EC, 04, 89, 2C, 24, 89, E5, 83, EC, 4C, E8, 00, 00, 00, 00, 8D, 3D, 03, 90, 00, 01, 47, 57, B8, 8C, 1F, 00, 01, FF, 10, 83, F8, 00, 74, 01, C3, 8D, 3D, 03, 90, 00, 01, 47, 57, C6, 07, 79, 6A, 0F, 68, 38, 30, 01, 01, 68, 27, 30, 01, 01, 8D, 05, 88, 1F, 00, 01, FF, 10, 83, F8, 00, 75, AC, 6A, 0F, 68, 38, 30, 01, 01, 68, 27, 30, 01, 01, 8D, 05, 88, 1F, 00, 01, FF, 10, 85, C0, 75, 94, 8B, 0D, 36, 91, 00, 01, B8, 60, 1F, 00, 01, FF, 10, 85, C0, 75, 83, 6A, 0F, 68, 38, 30, 01, 01, 68, 27, 30, 01, 01, 8D, 05... 
[+]

Code size:

30 KB (30,720 bytes)

The file pps-qq-19.exe has been seen being distributed by the following URL.

http://dysy.storial.ru/installs/.../f806aa75.exe

Remove pps-qq-19.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.