Video009.exe

The executable Video009.exe has been detected as malware by 27 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from demo.ovh.eu.
Version:
1.0.0.0

MD5:
5cfc4607789c0a12df229f525d265a24

SHA-1:
42918802cd358d2579c43e65d375e802ea984d12

SHA-256:
817b591d2e1f1f276cde954e5abf05c1788c9db17e26def613c41ae4df90ff21

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
11/16/2024 10:33:40 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Barys.22164 | 908 |
| Agnitum Outpost | Backdoor.DarkKomet | 7.1.1 |
| Avira AntiVirus | TR/Barys.21908.62 | 7.11.160.46 |
| avast! | MSIL:GenMalicious-B [Trj] | 2014.9-140811 |
| AVG | MSIL3 | 2015.0.3386 |
| Baidu Antivirus | Backdoor.Win32.DarkKomet | 4.0.3.14811 |
| Bitdefender | Gen:Variant.Barys.22164 | 1.0.20.1115 |
| Comodo Security | TrojWare.MSIL.Injector.~EAT | 18839 |
| Emsisoft Anti-Malware | Gen:Variant.Barys.22164 | 8.14.08.11.06 |
| ESET NOD32 | MSIL/Injector.EAT (variant) | 8.10079 |
| Fortinet FortiGate | MSIL/Injector.EAT!tr | 8/11/2014 |
| F-Secure | Gen:Variant.Barys.22164 | 11.2014-11-08_2 |
| G Data | Gen:Variant.Barys.22164 | 14.8.24 |
| IKARUS anti.virus | Backdoor.Win32.DarkKomet | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12683 |
| Kaspersky | Backdoor.Win32.DarkKomet | 14.0.0.3424 |
| McAfee | RDN/Generic BackDoor!yu | 5600.7042 |
| MicroWorld eScan | Gen:Variant.Barys.22164 | 15.0.0.669 |
| NANO AntiVirus | Trojan.Win32.EAT.dbhmih | 0.28.0.60698 |
| Norman | Troj_Generic.UNVQD | 11.20140811 |
| Panda Antivirus | Generic Malware | 14.08.11.06 |
| Qihoo 360 Security | Win32/Trojan.ed2 | 1.0.0.1015 |
| Quick Heal | Backdoor.DarkKomet.r3 | 8.14.14.00 |
| Trend Micro House Call | TROJ_GEN.R0CBC0EFP14 | 7.2.223 |
| Trend Micro | TROJ_GEN.R0CBC0EFP14 | 10.465.11 |
| Vba32 AntiVirus | Backdoor.DarkKomet | 3.12.26.3 |
| Zillya! Antivirus | Backdoor.DarkKomet.Win32.19667 | 2.0.0.1855 |

File size:
588 KB (602,112 bytes)

Product version:
1.0.0.0

Original file name:
Video009.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\video009.exe

File PE Metadata
Compilation timestamp:
6/18/2014 4:55:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:jvFFeE68K1YxlvYxC6qqHcYT+WLQpibIHL1RqEKXLEgsBdV:jNFeVj1YvvYxC6DcYTrcpWXLEbz

Entry address:
0x8388E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
520 KB (532,480 bytes)

The file Video009.exe has been seen being distributed by the following URL.
