home

regscdfile.exe

QFX Software Corporation

The executable regscdfile.exe has been detected as malware by 6 anti-virus scanners.
Publisher:
QFX Software Corporation  (signed and verified)

Version:
1.0.0.0

MD5:
880ba48d7d656d5b824fbb48c37e84a4

SHA-1:
634f0d363840b9113041f4c47becfc43b8405651

SHA-256:
c1c1f04958b9d731a5e42088fdf8de5ecc6c2c27616ae4add4a46dc9c77bc997

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/15/2024 12:55:13 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
MSIL:Crypt-WO [Trj]
160503-1

Emsisoft Anti-Malware
Gen:Variant.MSIL.Krypt.16
11.5.0.6191

ESET NOD32
MSIL/Injector.JCU trojan
8.0.319.0

McAfee
Trojan.Trojan-FGZT!880BA48D7D65
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.223.15.0

Norman
Gen:Variant.MSIL.Krypt.16
19.05.2016 05:17:13

File size:
441.8 KB (452,384 bytes)

Product version:
1.0.0.0

Original file name:
NerdBotSet.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\regscdfile.exe

Digital Signature
Signed by:
QFX Software Corporation

Authority:
GlobalSign nv-sa

Valid from:
2/2/2015 6:41:12 PM

Valid to:
5/2/2016 7:41:12 PM

Subject:
E=qfxsoft@qfxsoftware.com, CN=QFX Software Corporation, O=QFX Software Corporation, L=Ormond Beach, S=FL, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112151D0DA5CB4170D0D9CB1D6A055CEF137

File PE Metadata
Compilation timestamp:
4/17/2015 9:07:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:JDxdfxzKNlMaYrj8bpzSTbxBuMQhErs0uFSh:xpONWa0j89+T9BTQhEr1Xh

Entry address:
0x44E0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.5065

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
268 KB (274,432 bytes)

Remove regscdfile.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.