vctcxo-46.exe

Sophos Limited

The executable vctcxo-46.exe has been detected as malware by 1 anti-virus scanner. It is set to start automatically when a user logs in to Windows, through the current-user Run registry key, under the display name ‘vctcxo-9’.
Publisher:
Sophos Limited  (signed and verified)

MD5:
987c3d22881b9db40b61c4ae7410cd7d

SHA-1:
893afd38ee00278f1e6ac04443d7026ed63220d8

SHA-256:
7e65850c2b5f29ae9705a7cf62af155c44a658f9d4a9a3ed3e27ec31e804dfb2

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/28/2024 3:56:45 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Kryptik

Engine version:
17.2.22.15

File size:
702.5 KB (719,352 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\vctcxo-0\vctcxo-46.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/3/2010 1:00:00 AM

Valid to:
12/3/2013 12:59:59 AM

Subject:
CN=Sophos Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sophos Limited, L=Abingdon, S=Oxfordshire, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
03224E125DA6703112040AB66621435F

File PE Metadata
Compilation timestamp:
2/22/2015 1:16:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.12

Entry address:
0x1000

Entry point:
50, 8B, EC, 81, EC, 28, 05, 00, 00, E8, E2, 23, 00, 00, BB, 02, 00, 00, 00, 89, 1D, 61, B1, 4A, 00, 8B, 0D, 4C, B3, 4A, 00, 81, E1, FF, FF, 00, 00, 89, 0D, 4C, B3, 4A, 00, 83, 05, 4C, B3, 4A, 00, 6C, FF, 75, 7C, B8, 07, B0, 4A, 00, 50, 6A, 6D, 54, E8, 71, 28, 00, 00, C7, 05, 72, B0, 4A, 00, 50, 57, 00, 00, 83, 2D, 72, B0, 4A, 00, 0B, C7, 85, 34, FE, FF, FF, 1D, 00, 00, 00, B9, 57, E5, 4A, 00, 51, 68, 1E, DC, 4A, 00, 68, 44, E2, 4A, 00, FF, 15, A0, 30, 41, 00, 89, 85, 10, FB, FF, FF, BB, 5B, 00, 00, 00, 89...
 

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
vctcxo-9

Command:
C:\ProgramData\vctcxo-0\vctcxo-46.exe -6

