vlsm.exe

Aruba

The executable vlsm.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from msil.pw.
Publisher:
ad18d  (signed by Aruba)

Product:
ad18d

Version:
0.0.0.0

MD5:
45d64bb6e13004d769ddea3344979903

SHA-1:
0c1976a875a48afdf7a18a47c473fde56c6a219b

SHA-256:
a218b9ed54ad6a42912ebd7ae3d5b070d307bf4b649243f2d2ea21566ae5525f

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/23/2024 9:25:42 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Trojan-gen
160414-2

Dr.Web
Trojan.DownLoader12.52144
9.0.1.05190

Emsisoft Anti-Malware
Trojan.GenericKDZ.27589
11.5.0.6191

ESET NOD32
MSIL/Injector.FCD trojan
8.0.319.0

Microsoft Security Essentials
Threat.Undefined
1.223.515.0

Norman
Trojan.GenericKDZ.27589
28.05.2016 15:32:18

Sophos
Virus 'Troj/MSIL-EBK'
5.23

File size:
217.8 KB (223,000 bytes)

Product version:
0.0.0.0

Copyright:
Copyright © 2015

Original file name:
0841250001433371938.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\vlsm.exe

Digital Signature
Signed by:

Authority:
Aruba

Valid from:
5/2/2015 4:35:12 PM

Valid to:
5/1/2016 4:35:12 PM

Subject:
E=N@A.com, CN=www.cdcert.caked, OU=Aruba, L=Aruba, O=Aruba, S=American, C=aw

Issuer:
E=N@A.com, CN=www.cdcert.caked, OU=Aruba, L=Aruba, O=Aruba, S=American, C=aw

Serial number:
00

File PE Metadata
Compilation timestamp:
6/3/2015 10:53:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:Z/OKtQrWeEYZf+llPghMmyGxRFrESCmzrlYcz3bHJYtSR5u:Z/OK6rWeEOmfP/vIRFra2r2cnJYtSRk

Entry address:
0xBB3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
39 KB (39,936 bytes)

The file vlsm.exe has been seen being distributed by the following URL.

Remove vlsm.exe - Powered by Reason Core Security