» repfix.exe
Overview
Analysis
File Details

repfix.exe

Musikliste

DigiCert

The executable repfix.exe, “Fabrikationsblock” has been detected as malware by 6 anti-virus scanners.

File name:

repfix.exe

Publisher:

DigiCert (signed and verified)

Product:

Musikliste

Description:

Fabrikationsblock

Version:

6.08.0001

MD5:

1ad254a84fae0ebca90f95d3b74dcb23

SHA-1:

98ecc967d9dbda3300e01094c70c82695e5c0121

SHA-256:

66b164a4d53fffa28e930d37e58488c661b9b58342434467bd30b54eed0832c7

Scanner detections:

6 / 68

Status:

Malware

Analysis date:

12/27/2024 9:02:28 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/Injector.BUMD trojan

7.0.302.0

F-Secure

Trojan.Generic.12804350

5.15.21

McAfee

Trojan.Generic-FATJ!1AD254A84FAE

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.215.2410.0

Norman

Trojan.Generic.12804350

29.02.2016 03:11:57

VIPRE Antivirus

Threat.4150696

47848

File size:

559.9 KB (573,368 bytes)

Product version:

6.08.0001

Festhielten8

Trademarks:

Deltaladers8

Original file name:

DirectLine.exe

File type:

Executable application (Win32 EXE)

Language:

Chinese

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\repfix.exe

Digital Signature

Signed by:

DigiCert

Authority:

DigiCert Inc

Valid from:

8/7/2012 9:00:00 PM

Valid to:

8/8/2014 9:00:00 AM

Subject:

CN="DigiCert, Inc.", PostalCode=84042, STREET=355 South 520 West, STREET="Canopy Building II, Suite 200", SERIALNUMBER=5299537-0142, OID.1.3.6.1.4.1.311.60.2.1.2=Utah, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:

CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

054D9508B364A02A068FA5C6153847B6

File PE Metadata

Compilation timestamp:

2/11/2015 6:36:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:KrWwa4QFqZd95U5XQuFG1XhwtyS0vJQoELO8rJSJrcy5Qy7r7hQ8Rm:r4uqr9sMxugJQoEtgON69Rm

Entry address:

0x1178

Entry point:

68, 08, 02, 47, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, AE, C2, 78, EB, 8C, 6E, 2B, 49, 92, 8F, 29, 8E, 79, 16, 02, 18, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 6D, 0D, 0A, 43, 61, 70, 4D, 75, 73, 69, 6B, 62, 65, 7A, 65, 69, 63, 68, 6E, 75, 6E, 67, 00, 3D, 20, 20, 20, 20, 22, 4C, 00, 00, 00, 00, FF, CC, 31, 00, 0F, C4, 09, 81, 1F, FE, 73, D0, 4A, 94, 52, C1, 1B, E3, F7, 09, F7, E9, CA, 21, 2A, C9, EC, DE, 42, BD, F1, 26, D6, 4E, 97, 6F, AD, 3A, 4F, AD... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

536 KB (548,864 bytes)

Remove repfix.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.