scan copy_34425.exe

Cobind

The executable scan copy_34425.exe has been detected as malware by 18 anti-virus scanners. It is configured to start automatically when a user logs into Windows, through an entry in the current-user Run registry key with the display name 'Windows Update'.
Publisher:
Cobind  (signed and verified)

MD5:
5aee0fff1fb85d822b088e25f05c4646

SHA-1:
6c91bb8f9474b86d9203d6b0bf6400cd34e5206a

SHA-256:
b0404b991fdbaf38ce611b6af883009359ed94ac66563d979324c6571c3edefd

Scanner detections:
18 / 68

Status:
Malware

Analysis date:
11/27/2024 7:36:29 PM UTC

Scan engine                    Detection                      Engine version
Lavasoft Ad-Aware              Trojan.GenericKD.3447018       178
Avira AntiVirus                TR/Dropper.MSIL.pzfr           8.3.3.4
Arcabit                        Trojan.Generic.D3498EA         1.0.0.742
AVG                            Atros3                         2017.0.2656
Bitdefender                    Trojan.GenericKD.3447018       1.0.20.1110
Dr.Web                         Trojan.Siggen6.63163           9.0.1.0222
Emsisoft Anti-Malware          Trojan.GenericKD.3447018       8.16.08.09.09
ESET NOD32                     MSIL/GenKryptik.LJ (variant)   10.13926
Fortinet FortiGate             MSIL/Kryptik.GWS!tr            8/9/2016
F-Secure                       Trojan.GenericKD.3447018       11.2016-09-08_3
G Data                         Trojan.GenericKD.3447018       16.8.25
IKARUS anti.virus              Trojan.MSIL.Genkryptik         t3scan.2.1.6.0
Kaspersky                      Trojan-Spy.Win32.Agent         14.0.0.-224
McAfee                         Artemis!5AEE0FFF1FB8           5600.6312
Microsoft Security Essentials  Trojan:Win32/Dynamer!ac        1.1.12902.0
MicroWorld eScan               Trojan.GenericKD.3447018       17.0.0.666
nProtect                       Trojan.GenericKD.3447018       16.08.08.01
Panda Antivirus                Generic Suspicious             16.08.09.09

File size:
809.4 KB (828,832 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\scan copy_34425.exe

Digital Signature
Signed by:

Authority:
Cobind

Valid from:
8/5/2016 5:36:03 PM

Valid to:
8/3/2026 5:36:03 PM

Subject:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Issuer:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Serial number:
00ABF3127C9761E782

File PE Metadata
Compilation timestamp:
8/7/2016 10:56:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:WfW9JXMHDu9oJ5TIVewS+W6nnvt2yDPRgIUakNI3zzRDQKRO:WfW9tADHKVnS+W6nVXDPSIUlIXRcKRO

Entry address:
0x8E72E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.2313

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
564 KB (577,536 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Windows Update

Command:
C:\users\{user}\appdata\roaming\windowsupdate.exe


Remove scan copy_34425.exe - Powered by Reason Core Security