home

ynrsrq.exe

The executable ynrsrq.exe has been detected as malware by 36 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Ynrsrq’.
MD5:
2f3d2db5f7f90c23a2f9f4d58d24f23d

SHA-1:
024f2def24b93fbafc58a87412d00352a368d0f3

SHA-256:
b971424dd88b6b7bad49273044dabd9783c066d3b9b573c62cb46188c78c4087

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
4/1/2025 7:12:00 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.KD.233913
-40

AegisLab AV Signature
Troj.W32.Gen
2.1.4+

Agnitum Outpost
Trojan.Agent
7.1.1

AhnLab V3 Security
Backdoor/Win32.Agent
2014.02.06

Avira AntiVirus
TR/Agent.86016
7.11.129.130

avast!
Win32:Vexral-G [Wrm]
2014.9-170315

AVG
SHeur3
2018.0.2438

Baidu Antivirus
Backdoor.Win32.Agent
4.0.3.17315

Bitdefender
Trojan.Generic.KD.233913
1.0.20.370

Bkav FE
W32.Tagamet.Trojan
1.3.0.4923

Clam AntiVirus
Trojan.Agent-248719
0.98/18355

Comodo Security
Heur.Suspicious
17735

Dr.Web
BackDoor.Siggen.29895
9.0.1.074

Emsisoft Anti-Malware
Trojan.Generic.KD.233913
8.17.03.15.10

ESET NOD32
Win32/Injector.GPW (variant)
11.9384

Fortinet FortiGate
W32/Agent.BITX!tr.bdr
3/15/2017

F-Secure
Trojan.Generic.KD.233913
11.2017-15-03_4

G Data
Trojan.Generic.KD.233913
17.3.24

IKARUS anti.virus
Trojan.Win32.SuspectCRC
t3scan.2.2.29

K7 AntiVirus
Trojan
13.175.11074

Kaspersky
Backdoor.Win32.Agent
14.0.0.-1315

Malwarebytes
Trojan.Agent
v2017.03.15.10

McAfee
Artemis!2F3D2DB5F7F9
5600.6094

Microsoft Security Essentials
VirTool:Win32/CeeInject.gen!DZ
1.165.247.01

MicroWorld eScan
Trojan.Generic.KD.233913
18.0.0.222

NANO AntiVirus
Trojan.Win32.Siggen.chutq
0.28.0.57630

Norman
Ircbrute.CX
11.20170315

nProtect
Trojan/W32.Agent.86016.ASX
14.02.05.01

Panda Antivirus
Generic Malware
17.03.15.10

Qihoo 360 Security
Win32/Trojan.98f
1.0.0.1015

Sophos
Mal/Inject-CEE
4.97

Trend Micro House Call
TROJ_SPNR.02FL11
7.2.74

Trend Micro
TROJ_SPNR.02FL11
10.465.15

Vba32 AntiVirus
Backdoor.Agent
3.12.24.3

VIPRE Antivirus
Trojan.Win32.Injector.gsi
26164

ViRobot
Backdoor.Win32.A.Agent.53248.BS
2011.4.7.4223

File size:
84 KB (86,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\ynrsrq.exe

File PE Metadata
Compilation timestamp:
5/26/2011 11:27:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1AC6

Entry point:
55, 8B, EC, 6A, FF, 68, C8, 20, 40, 00, 68, 46, 1C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 50, 20, 40, 00, 59, 83, 0D, 5C, 37, 40, 00, FF, 83, 0D, 60, 37, 40, 00, FF, FF, 15, 4C, 20, 40, 00, 8B, 0D, 58, 37, 40, 00, 89, 08, FF, 15, 48, 20, 40, 00, 8B, 0D, 54, 37, 40, 00, 89, 08, A1, 54, 20, 40, 00, 8B, 00, A3, 64, 37, 40, 00, E8, 10, 01, 00, 00, 39, 1D, F0, 36, 40, 00, 75, 0C, 68, 42, 1C, 40, 00, FF, 15, 5C, 20...
 
[+]

Entropy:
7.2477

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Ynrsrq

Command:
C:\users\{user}\appdata\roaming\ynrsrq.exe


Remove ynrsrq.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.