zKqTyFfR.exe

zKqTyFfR

Dinosaur

The file zKqTyFfR.exe by Dinosaur has been detected as a potentially unwanted program by 28 anti-malware scanners.
Publisher:
Dinosaur  (signed and verified)

Product:
zKqTyFfR

Version:
1.4.1.5

MD5:
007b1cbfb526b3333fc7037c8bd7d7fc

SHA-1:
70beb47ff3c89d4058edd529d75c9107d5abe8a3

SHA-256:
241526691459341d910bdc10758492b550dd98fa822c416dc548956f89159cee

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
11/8/2024 12:29:13 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKDZ.27682 | 148 |
| Agnitum Outpost | Trojan.Kryptik | 7.1.1 |
| Arcabit | Trojan.Generic.D6C22 | 1.0.0.585 |
| avast! | Win32:Broban-AR [Trj] | 2014.9-160909 |
| AVG | Generic | 2017.0.2626 |
| Baidu Antivirus | Adware.MSIL.iBryte | 4.0.3.1699 |
| Bitdefender | Trojan.GenericKDZ.27682 | 1.0.20.1265 |
| Emsisoft Anti-Malware | Trojan.GenericKDZ.27682 | 8.16.09.09.02 |
| ESET NOD32 | MSIL/Kryptik.BPM (variant) | 10.12465 |
| Fortinet FortiGate | MSIL/Kryptik.BPM!tr | 9/9/2016 |
| F-Secure | Trojan.GenericKDZ.27682 | 11.2016-09-09_6 |
| G Data | Trojan.GenericKDZ.27682 | 16.9.25 |
| IKARUS anti.virus | Trojan.MSIL.Crypt | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.17646 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-376 |
| Malwarebytes | Trojan.Steam.DHA | v2016.09.09.02 |
| McAfee | RDN/Generic.dx!drg | 5600.6282 |
| Microsoft Security Essentials | Trojan:Win32/Hiclas!gfc | 1.1.12205.0 |
| MicroWorld eScan | Trojan.GenericKDZ.27682 | 17.0.0.759 |
| NANO AntiVirus | Trojan.Win32.Inject.drijax | 0.30.26.3947 |
| nProtect | Trojan.GenericKDZ.27682 | 15.10.26.01 |
| Panda Antivirus | Trj/CI.A | 16.09.09.02 |
| Quick Heal | Trojan.MSI.r3 | 9.16.14.00 |
| Rising Antivirus | PE:Malware.RDM.41!5.2F[F1] | 23.00.65.16907 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R01ZC0EDJ15 | 10.465.09 |
| VIPRE Antivirus | Trojan.Win32.Generic | 44820 |
| Zillya! Antivirus | Trojan.Inject.Win32.175795 | 2.0.0.2474 |

File size:
737.5 KB (755,216 bytes)

Product version:
1.4.1.5

Copyright:
Copyright zKqTyFfR © 2015

Original file name:
zKqTyFfR.exe

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\4164.tmp

Digital Signature
Signed by:

Authority:
getaCert - www.getacert.com

Valid from:
4/1/2015 11:58:13 PM

Valid to:
5/31/2015 11:58:13 PM

Subject:
E=LOL@run.away, CN=Melaldon, OU=Carnivore, O=Dinosaur, L=Cali, S=Pandora, C=NL

Issuer:
O=getaCert - www.getacert.com, L=Seattle, S=Washington, C=US

Serial number:
0DF6

File PE Metadata
Compilation timestamp:
4/5/2015 11:41:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:31M99txZzxDWyzdqzWY3B+8uAS5wCxLb90ZbVbQS6ym+3feaM84:3o9PWy56rI8z/axG4

Entry address:
0x76DCE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 90, 00, 00, 80, 18, 00, 00, 00, C0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 02, 00, 00, 00, 48, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
467.5 KB (478,720 bytes)
