» vctcxo-46.exe
Overview
Analysis
File Details
Behaviors (1)

vctcxo-46.exe

Sophos Limited

The executable vctcxo-46.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘vctcxo-9’.

File name:

vctcxo-46.exe

Publisher:

Sophos Limited (signed and verified)

MD5:

987c3d22881b9db40b61c4ae7410cd7d

SHA-1:

893afd38ee00278f1e6ac04443d7026ed63220d8

SHA-256:

7e65850c2b5f29ae9705a7cf62af155c44a658f9d4a9a3ed3e27ec31e804dfb2

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/15/2024 12:51:19 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Trojan.Kryptik

17.2.22.15

File size:

702.5 KB (719,352 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\ProgramData\vctcxo-0\vctcxo-46.exe

Digital Signature

Signed by:

Sophos Limited

Authority:

VeriSign, Inc.

Valid from:

12/3/2010 1:00:00 AM

Valid to:

12/3/2013 12:59:59 AM

Subject:

CN=Sophos Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sophos Limited, L=Abingdon, S=Oxfordshire, C=GB

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

03224E125DA6703112040AB66621435F

File PE Metadata

Compilation timestamp:

2/22/2015 1:16:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

1.12

Entry address:

0x1000

Entry point:

50, 8B, EC, 81, EC, 28, 05, 00, 00, E8, E2, 23, 00, 00, BB, 02, 00, 00, 00, 89, 1D, 61, B1, 4A, 00, 8B, 0D, 4C, B3, 4A, 00, 81, E1, FF, FF, 00, 00, 89, 0D, 4C, B3, 4A, 00, 83, 05, 4C, B3, 4A, 00, 6C, FF, 75, 7C, B8, 07, B0, 4A, 00, 50, 6A, 6D, 54, E8, 71, 28, 00, 00, C7, 05, 72, B0, 4A, 00, 50, 57, 00, 00, 83, 2D, 72, B0, 4A, 00, 0B, C7, 85, 34, FE, FF, FF, 1D, 00, 00, 00, B9, 57, E5, 4A, 00, 51, 68, 1E, DC, 4A, 00, 68, 44, E2, 4A, 00, FF, 15, A0, 30, 41, 00, 89, 85, 10, FB, FF, FF, BB, 5B, 00, 00, 00, 89... 
[+]

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

vctcxo-9

Command:

C:\ProgramData\vctcxo-0\vctcxo-46.exe -6

Remove vctcxo-46.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.