system32.exe

Cobind

The executable system32.exe has been detected as malware by 28 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered each time a user logs on. Despite its name, the file lives in the user's AppData\Roaming folder rather than the Windows system directory, and the task that launches it is named "Windows Defender".
Publisher:
Cobind  (signed and verified)

MD5:
56916e9fce55653b66791cd7be3698f6

SHA-1:
5b3b2ee96d231c67be8cf7dac7aca5b1587acefe

SHA-256:
0a5b1d7cafe21e7ffb59870643a522f2372b487302a9cfe68a793f8e4a1e1907

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
11/27/2024 7:44:23 PM UTC

Scan engine                    Detection                                 Engine version
Lavasoft Ad-Aware              Trojan.GenericKD.3455710                  148
AegisLab AV Signature          Troj.W32.Generic!c                        2.1.4+
AhnLab V3 Security             Trojan/Win32.Generic.N2076297391          3.7.5.15
Avira AntiVirus                TR/Dropper.MSIL.oasp                      8.3.3.4
Arcabit                        Trojan.Generic.D34BADE                    1.0.0.742
avast!                         Win32:Malware-gen                         2014.9-160909
AVG                            Malware                                   2017.0.2626
Bitdefender                    Trojan.GenericKD.3455710                  1.0.20.1265
Dr.Web                         Trojan.Nanocore.23                        9.0.1.0253
Emsisoft Anti-Malware          Trojan.GenericKD.3455710                  8.16.09.09.02
ESET NOD32                     MSIL/Injector.PZX (variant)               10.13996
Fortinet FortiGate             MSIL/Kryptik.GRX!tr                       9/9/2016
F-Secure                       Trojan.GenericKD.3455710                  11.2016-09-09_6
G Data                         Trojan.GenericKD.3455710                  16.9.25
K7 AntiVirus                   Trojan                                    13.237.20627
Kaspersky                      HEUR:Trojan.Win32.Generic                 14.0.0.-376
Malwarebytes                   Spyware.PasswordStealer                   v2016.09.09.02
McAfee                         RDN/Generic.hbg                           5600.6282
Microsoft Security Essentials  Backdoor:Win32/Kirts.A                    1.1.13000.0
MicroWorld eScan               Trojan.GenericKD.3455710                  17.0.0.759
NANO AntiVirus                 Trojan.Win32.Nanocore.efgaws              1.0.38.8984
Panda Antivirus                Trj/GdSda.A                               16.09.09.02
Qihoo 360 Security             Win32/Trojan.Dropper.70c                  1.0.0.1120
Rising Antivirus               Trojan.Dynamer!8.3A0-U9XrbcaCk5D (Cloud)  23.00.65.16907
Sophos                         Mal/Generic-S                             4.98
Trend Micro House Call         TROJ_GEN.R00XC0DHC16                      7.2.253
VIPRE Antivirus                Trojan.Win32.Generic                      51736
Zillya! Antivirus              Trojan.Injector.Win32.411879              2.0.0.3023

File size:
649.4 KB (664,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\system32.exe

Digital Signature
Signed by:

Authority:
Cobind

Valid from:
8/5/2016 8:36:03 PM

Valid to:
8/3/2026 8:36:03 PM

Subject:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Issuer:
E=admin@cobind.com, CN=cobind.com, OU=Ques Unit, O=Cobind, L=New York City, S=New York, C=US

Serial number:
00ABF3127C9761E782

File PE Metadata
Compilation timestamp:
8/8/2016 7:00:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:dbGvlstBNfnaD6ntGyyRyIViLgU4c1C/5jbEJ7S+ZbBKxwxI9bXabpRvMxiDCpX:dKaNfaD6noyQyGimym+U2vsiGd

Entry address:
0x4509E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.3102

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
272 KB (278,528 bytes)

Scheduled Task
Task name:
Windows Defender

Path:
\Update\Windows Defender

Trigger:
Logon (Runs on logon)


Remove system32.exe - Powered by Reason Core Security