+vqrp2cx.exe

Normls2

ITF (AYTIEF)

The file +vqrp2cx.exe by ITF (AYTIEF) has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Hal 9001  (signed by ITF (AYTIEF))

Product:
Normls2

Description:
Ansporendes

Version:
1.00

MD5:
c71bb5dc441a3112191538d9141b595e

SHA-1:
ddbe1fe330df3a7b0cf068736eab4f0818abd9a7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/15/2025 2:59:14 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Kovter (M)

Engine version:
16.10.5.13

File size:
518.1 KB (530,560 bytes)

Product version:
1.00

Copyright:
Tjenestegrenschefer

Trademarks:
Dividenders

Original file name:
Formgav.exe

Language:
French (France)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\+vqrp2cx.exe.part

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/20/2016 8:00:00 PM

Valid to:
4/21/2017 7:59:59 PM

Subject:
CN=ITF (AYTIEF), O=ITF (AYTIEF), STREET=Verkhnyaya Maslovka street 28-2, L=Moscow, S=Moscow, PostalCode=127083, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
06AC8F16F957EC18E4D964461DC683C6

File PE Metadata
Compilation timestamp:
6/16/2016 7:36:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:otjzXxoz5dHnNWmy0o9CdX9/ATjAeVOMEFl0iJuzFyuzRbE:OzX6PtWmyjqX9/sMoimyV

Entry address:
0x1174

Entry point:
68, 34, 12, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, 7D, 34, 42, A4, B6, 71, C8, 42, 9A, F4, 3C, 8B, C9, 5C, 09, 12, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 42, 65, 73, 6B, 66, 74, 69, 67, 65, 6C, 73, 65, 73, 6E, 69, 76, 65, 61, 75, 37, 00, 00, 00, 00, 00, 00, 00, 00, 07, 00, 00, 00, 84, 1E, 40, 00, 07, 00, 00, 00, 2C, 1E, 40, 00, 07, 00, 00, 00, E4, 1D, 40, 00, 07, 00, 00, 00, 94, 1D, 40, 00, 01, 00, 02, 00, 70, 1A, 40, 00...
 

Entropy:
5.2879

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
496 KB (507,904 bytes)
