Categories: Malware

Tedy.116601 (file analysis)

The Tedy.116601 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Tedy.116601 virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
The executable is likely packed with VMProtect
Authenticode signature is invalid
Binary file triggered YARA rule
Yara detections observed in process dumps, payloads or dropped files

How to determine Tedy.116601?


File Info:
name: 865980B5D667EBAC3824.mlwpath: /opt/CAPEv2/storage/binaries/5964acbb17282eb6e40727ce92ba8b4e6bcf3f7e4302c9639adb0cf0d971dc8ecrc32: 7BBABDE9md5: 865980b5d667ebac3824aef3617de9c3sha1: 0f7eb6e4f3b6a55a30ed5cedcde8ddd1c445bf02sha256: 5964acbb17282eb6e40727ce92ba8b4e6bcf3f7e4302c9639adb0cf0d971dc8esha512: 614f036c2c31d8b51270cf8bece4d70d603383c0240d301bda9d4c7918bbf6a2315880c6045c174e8656a4641df60df45cae3704a8f4a53f513cad72acd9d62assdeep: 196608:40q/rdXImxde45fsztEvn8xknsrA9f5szTsnLBHmfKGdzFBob56h/RHt3ZN:hq/rdImve450zxxxrCf5sVgY5ztype: PE32 executable (DLL) (GUI) Intel 80386, for MS Windowstlsh: T1A1C63337176A1566D4EDCC32CA3BBFE431B207AB4A81EC78A2C77DC131678D0A612657sha3_384: e9f57e69fc6d73a6c9502f63b50c42a06c32d03509751b48807ef5ead7417d2baf4bcd27e182a6bc14f20b74fece2dc5ep_bytes: eb080067920000000000e9a4630300fftimestamp: 2022-01-19 02:31:58
Version Info:
CompanyName: Guangdong OPPO Mobile Telecommunications Corp.,Ltd.FileDescription: Base Common Library of OPLUS Flash Tool 3.0FileVersion: 3.0.0.0InternalName: FTLibBaseLegalCopyright: (C) 2020-2021 Guangdong OPPO Mobile Telecommunications Corp.,Ltd.OriginalFilename: FTLibBase.dllProductName: Base Common Library of OPLUS Flash Tool 3.0ProductVersion: 3.0.0.0Translation: 0x0409 0x04b0

Tedy.116601 also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (moderate confidence)
MicroWorld-eScan	Gen:Variant.Tedy.116601
FireEye	Generic.mg.865980b5d667ebac
Skyhigh	BehavesLike.Win32.Generic.wc
McAfee	Artemis!865980B5D667
Cylance	unsafe
VIPRE	Gen:Variant.Tedy.116601
Sangfor	Trojan.Win32.Agent.V2yu
TrendMicro-HouseCall	TROJ_GEN.R002H09C424
Avast	Win32:Malware-gen
BitDefender	Gen:Variant.Tedy.116601
Sophos	Generic ML PUA (PUA)
Trapmine	suspicious.low.ml.score
Emsisoft	Gen:Variant.Tedy.116601 (B)
MAX	malware (ai score=84)
Antiy-AVL	Trojan/Win32.Agent
Arcabit	Trojan.Tedy.D1C779
GData	Gen:Variant.Tedy.116601
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZedlaF.36802.@J8@a4GzoJhi
ALYac	Gen:Variant.Tedy.116601
Rising	Trojan.Agent!8.B1E (TFE:5:jUDfH767WRE)
SentinelOne	Static AI – Suspicious PE
MaxSecure	Trojan.Malware.73429889.susgen
Fortinet	W32/PossibleThreat
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
alibabacloud	Trojan.Win.UnkAgent