Should I block it?
Yes, 98% block recommendation.
Possible reason:
Multiple malware detections
google.exe
MD5: | 7872efc3378ea863da263191e87f9a65 |
SHA1: | 99019788f9699585104647e2ff253609eafb0212 |
SHA256: | 2f6d28313af4f2e30f86e7c42e7a9155864b503093bfe9a324bb51ee4153b06b |
Warning: 23 antivirus scanners have detected malware.
Overview
google.exe is malware that executes as a process with the local user's privileges, typically within the context of its parent, winlogon.exe (Windows Logon Application by Microsoft). It is set to run when the PC boots and the user logs into Windows (it is added to the Run registry key for the current user). This particular version is usually found on Windows 8 Pro (6.2.9200.0).
Details
File name: | google.exe |
Typical file path: | C:\Windows\System32\sys32\google.exe |
Size: | 1.27 MB (1,327,104 bytes) |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | Yes |
.NET CLR: | No |
Behaviors
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'MicroUpdate' → C:\Windows\system32\sys32\google.exe
Network connections
[TCP] 41.100.162.196:81
Malware detections
Of the 40+ industry antivirus scanners consulted, 23 detected the following malware.
Antivirus engine | Engine version | Detection |
Avira AntiVir | 7.11.61.188 | TR/Symmi.3138.5 |
avast! | 6.0.1289.0 | Win32:Malware-gen |
AVG | 2014.0.3629 | Suspicion: unknown virus |
BitDefender | 7.2 | Gen:Variant.Symmi.3138 |
Comodo Internet Security | 15299 | Heur.Packed.MultiPacked |
Dr.Web | 8.13.9.28 | BackDoor.Comet.152 |
Emsisoft Anti-Malware | None | Gen:Variant.Symmi.3138 (B) |
ESET NOD32 | 7.8024 | a variant of Win32/Packed.MultiPacked.O |
Fortinet | 5.0.43.0 | W32/DarkKomet.AAFL!tr.bdr |
F-Secure | 11.0.19020.35 | Gen:Variant.Symmi.3138 |
G Data | 13.9.22 | Gen:Variant.Symmi.3138 |
Ikarus | T3.1.4.0.0 | Backdoor.Win32.Fynloski |
Kaspersky | 9.0.0.837 | Backdoor.Win32.DarkKomet.aafl |
McAfee | 5.400.1158 | Artemis!7872EFC3378E |
McAfee Gateway Anti-Malware | v2012.1-dat | Heuristic.BehavesLike.Win32.Suspicious-BAY.S |
eScan by MicroWorld | 12.0.250.0 | Gen:Variant.Symmi.3138 |
Norman | 7.00.20 | Troj_Generic.HNEQC |
Panda Antivirus | 10.0.3.5 | Trj/CI.A |
Sophos | 4.86.0 | Mal/Generic-S |
Symantec | 20121.3.0.76 | WS.Reputation.1 |
Trend Micro | 9.740.0.1012 | TROJ_SCAR.BMC |
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.R47H1BF |
VIPRE Antivirus | 15624 | Trojan.Win32.Generic!BT |
Resource utilization
(Note: the statistics below are averages based on a minimum sample size of 200 unique participants.)
Averages
CPU |
Total CPU: | 0.00026184% | |
Kernel CPU: | 0.00014568% | |
User CPU: | 0.00011617% | |
Kernel CPU time: | 2,855 ms/min | |
Memory |
Private memory: | 12.14 MB | |
Private (maximum): | 13.23 MB | |
Private (minimum): | 1.71 MB | |
Non-paged memory: | 12.14 MB | |
Virtual memory: | 115.66 MB | |
Virtual memory (peak): | 115.66 MB | |
Working set: | 2.09 MB | |
Working set (peak): | 13.23 MB | |
Resource allocations |
Threads: | 32 | |
Handles: | 9539 | |
GUI GDI count: | 31 | |
GUI GDI peak: | 33 | |
GUI USER count: | 24 | |
GUI USER peak: | 24 | |
Process properties
Threads
Averages
google.exe (main module) |
Total CPU: | 0.00016905% | |
Kernel CPU: | 0.00007409% | |
User CPU: | 0.00009496% | |
CPU cycles: | 19,075/sec | |
Memory: | 2.58 MB | |
ntdll.dll |
Total CPU: | 0.00002129% | |
Kernel CPU: | 0.00000000% | |
User CPU: | 0.00002129% | |
CPU cycles: | 1,504/sec | |
Memory: | 1.4 MB | |
gdiplus.dll |
Total CPU: | 0.00001064% | |
Kernel CPU: | 0.00001064% | |
User CPU: | 0.00000000% | |
CPU cycles: | 218/sec | |
Memory: | 1.39 MB | |
Distribution by Windows OS
OS version | Distribution |
Windows 8 Pro | 100.00% |
Distribution by PC manufacturer
PC manufacturer | Distribution |
Acer | 100.00% |