
MBAM flagging loginw32.exe as Trojan.Carberp.ED


techspertsolutions

Good morning,

 

It seems that MBAM is identifying loginw32.exe as Trojan.Carberp.ED.

I have attempted to upload the file, but receive an error from the uploader stating that the type of file is prohibited.

(I will post now and read through the forum rules + edit my post as necessary).

 

I checked the file against virustotal.com and it received the following results:

 

SHA256: 943326651087aa4391a6e30a42f4a47c4beae33c9368cbdb759b77e100db92aa
File name: loginw32.exe
Detection ratio: 1 / 48
Analysis date: 2014-12-29 13:53:13 UTC ( 2 minutes ago )

 

 Developer metadata
Copyright Copyright © 1996-2008, Novell, Inc. All rights reserved.
Publisher Novell, Inc.
Product Novell Client Login for 32-bit Windows
Original name LoginW32.EXE
Internal name LoginW32
File version 4.19.12
Description Novell Client Login for 32-bit Windows
 Packers identified
PEiD Armadillo v1.71
 PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-08-19 15:40:39
Entry Point 0x000014D6
Number of sections 4
 PE sections
Name Virtual address Virtual size Raw size Entropy MD5
.text 4096 1744 4096 3.17 24c413e1d149a859e69a5aa1e239b01f
.rdata 8192 938 4096 1.50 114191abbf88b4d9ba7ead51008b51f8
.data 12288 488 4096 0.80 fe59e7473299804b4e4ab0de0a0b93d5
.rsrc 16384 2336 4096 2.46 0a74bbf1b70412982acd4f0eb14667b6
 PE imports
 Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
 Number of PE resources by language
ENGLISH US 4
 ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 4.19.12.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 12288
FileOS Win32
MIMEType application/octet-stream
LegalCopyright Copyright 1996-2008, Novell, Inc. All rights reserved.
FileVersion 4.19.12
TimeStamp 2008:08:19 16:40:39+01:00
FileType Win32 EXE
PEType PE32
InternalName LoginW32
FileAccessDate 2014:12:29 14:53:33+01:00
ProductVersion 1.00.05
FileDescription Novell Client Login for 32-bit Windows
OSVersion 4.0
FileCreateDate 2014:12:29 14:53:33+01:00
OriginalFilename LoginW32.EXE
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Novell, Inc.
CodeSize 4096
ProductName Novell Client Login for 32-bit Windows
ProductVersionNumber 1.0.5.0
EntryPoint 0x14d6
ObjectFileType Dynamic link library

 File identification
MD5 ba64512a8b2c43c143d5199faf691c6c
SHA1 7ff81ac69263845687233cea0b1a039acf582114
SHA256 943326651087aa4391a6e30a42f4a47c4beae33c9368cbdb759b77e100db92aa
ssdeep 96:azwlSLIWki9NDyIWZEl74Q+iAAW5h6NPtboyi97tec9pTEZ6fyfG7Cs:azASUWki7uI5p+iANh6NP1oySnus
authentihash 4ec8de1fcaffcfb2b16995cd33241a37db2887cf32e941298f486fb363c4eec5
imphash d190d3860e32c531551f641f43452a44
File size 20.1 KB ( 20560 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win64 Executable (generic) (64.6%)
Win32 Dynamic Link Library (generic) (15.3%)
Win32 Executable (generic) (10.5%)
Generic Win/DOS Executable (4.6%)
DOS Executable Generic (4.6%)
Tags peexe armadillo
 VirusTotal metadata
First submission 2010-03-23 09:20:12 UTC ( 4 years, 9 months ago )
Last submission 2014-12-29 13:53:13 UTC ( 30 minutes ago )
File names LoginW32.EXE
LoginW32
loginw32.exe

 
