ThreatExpert's awareness of the file "1.exe":

Across all ThreatExpert reports, the file "1.exe" was mostly identified as a threat.
File "1.exe" has the following statistics:
Total number of reports analysed: 611,932
Number of cases that involved the file "1.exe": 807
Number of incidents when this file was found to be a threat: 598
Statistical volume of cases when "1.exe" was a threat: 74%
Notes:
  • Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
  • In order to check a file, please submit it to ThreatExpert.
  • For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.
The file "1.exe" is known to be created under the following filenames:
Notes:
  • %AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
  • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
  • %CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "1.exe" has the following possible countries of origin:
Origin | Number of Incidents
Russian Federation | 80
China | 46
Spain | 8
France | 7
Argentina | 4
Germany | 4
United Kingdom | 4
Sweden | 3
Australia | 1
Belgium | 1
Israel | 1
Netherlands | 1
Portugal | 1

The following threats are known to be associated with the file "1.exe":
Threat Alias | Number of Incidents
Backdoor.Frauder!sd6 [PC Tools] | 1,543
Mal/EncPk-EU, Mal/Dorf-E [Sophos] | 1,332
Mal/Dorf-E [Sophos] | 1,316
Generic BackDoor [McAfee] | 1,286
Trojan.Fakeavalert [Symantec] | 1,274
Backdoor.Win32.Frauder.eq [Kaspersky Lab] | 1,066
New Malware.ag [McAfee] | 827
BKDR_FRAUDER.OY [Trend Micro] | 820
Trojan:Win32/Tibs.ID [Microsoft] | 820
Backdoor.Win32.Frauder.eq [Ikarus] | 779
Trojan:Win32/Tibs.IH [Microsoft] | 545
Troj/FakeAle-FJ [Sophos] | 451
Backdoor.Win32.Frauder.ln [Kaspersky Lab] | 360
Virus.Win32.Tipa [Ikarus] | 315
Packed.Generic.186 [Symantec] | 295
Tibs-Packed [McAfee] | 270
Backdoor.Win32.Frauder.fb [Kaspersky Lab] | 265
Backdoor.Win32.Frauder.kj [Kaspersky Lab] | 224
Troj/Bdoor-AOK [Sophos] | 224
Trojan:Win32/Tibs.IF [Microsoft] | 223
Backdoor.Win32.Frauder.jt [Kaspersky Lab] | 211
Backdoor.Win32.Frauder.fb [Ikarus] | 209
Mal/Generic-A [Sophos] | 193
Trojan.Zlob [Symantec] | 176
Generic.Win32.Malware.FakeAlert.N [Ikarus] | 172
FakeAlert-AR [McAfee] | 155
Trojan-Downloader.Win32.Hoaxer.a [Kaspersky Lab] | 149
TrojanDownloader:Win32/Renos.AU [Microsoft] | 145
not-a-virus:FraudTool.Win32.Agent.bp [Kaspersky Lab] | 144
not-a-virus:FraudTool.Win32.Agent.cb [Kaspersky Lab] | 143
Trojan.Fakeavalert!sd6 [PC Tools] | 136
Backdoor.Win32.Frauder.kx [Ikarus] | 128
Backdoor.Trojan [Symantec] | 124
Mal/EncPk-CZ [Sophos] | 114
Backdoor.Win32.Frauder.jt [Ikarus] | 113
Generic.dx [McAfee] | 102
Generic PUP.x [McAfee] | 96
not-a-virus:FraudTool.Win32.Agent.cd [Kaspersky Lab] | 90
Trojan Horse [Symantec] | 89
Trojan.Peed [Ikarus] | 85
TrojanDownloader:Win32/Renos.DU [Microsoft] | 82
Generic PUP.z [McAfee] | 81
Generic Downloader.x [McAfee] | 78
Downloader.MisleadApp [Symantec] | 74
Trojan:Win32/Tibs.IG [Microsoft] | 64
Backdoor.Win32.Frauder.in [Kaspersky Lab] | 63
RogueAntiSpyware.PCHealthCenter [PC Tools] | 59
Infostealer [Symantec] | 58
TROJ_FAKEALE.AY [Trend Micro] | 49
Trojan-PSW.Win32.Dybalom.atk [Kaspersky Lab] | 48
Backdoor.Graybird [Symantec] | 43
Trojan-PSW.Generic [PC Tools] | 43
Suspicious.MH690 [Symantec] | 41
Trojan-Downloader.Hoaxer!sd6 [PC Tools] | 40
Trojan.KillAV [Symantec] | 38
New Malware.aj [McAfee] | 37
Trojan-Spy.Win32.Pophot [Ikarus] | 36
Packed/Upack [AhnLab] | 31
PHISH.FraudTool.Agent.BP [Ikarus] | 30
Trojan-Downloader.Zlob.GEN [PC Tools] | 30
Mal/Packer [Sophos] | 28
Win-Trojan/Xema.variant [AhnLab] | 24
Exp/MS08067-A [Sophos] | 22
Exploit.Win32.IMG-WMF.fk [Kaspersky Lab] | 22
Hacktool [Symantec] | 22
not-a-virus:PSWTool.Win32.NetPass.q [Kaspersky Lab] | 22
TrojanDownloader:Win32/Renos.EZ [Microsoft] | 22
Backdoor.Graybird!sd6 [PC Tools] | 21
Trojan.Ducky.B [Symantec] | 20
VirTool:Win32/Injector.gen!AG [Microsoft] | 20
not-a-virus:PSWTool.Win32.NetPass.b [Ikarus] | 18
Trojan-Dropper.Agent [Ikarus] | 18
Program:Win32/FakeAlert.N [Microsoft] | 17
PSWTool.NetPass!sd5 [PC Tools] | 17
Trojan.Win32.Midgare.adjf [Kaspersky Lab] | 17
Win32.SuspectCrc [Ikarus] | 17
Exploit.MS08-67 [PC Tools] | 15
Generic FakeAlert.a [McAfee] | 14
Infostealer.Gampass [Symantec] | 14
Trojan.Win32.Delf.avg [Kaspersky Lab] | 14
VirTool.Win32.VBInject [Ikarus] | 12
BackDoor-CEP.gen.am [McAfee] | 11
Win-Trojan/Ducky.16384 [AhnLab] | 11
Backdoor.Win32.Frauder.ob [Kaspersky Lab] | 10
Trojan.Midgare [Ikarus] | 10
Downloader [Symantec] | 9
Exploit.Win32.IMG-WMF [Ikarus] | 9
StartPage-HR [McAfee] | 9
Trojan:Win32/Dogrobot.E [Microsoft] | 9
Trojan-Spy.Pophot.WX [PC Tools] | 9
W32.SillyFDC [Symantec] | 9
Win-Trojan/Midgare.39325 [AhnLab] | 9
Win-Trojan/OnlineGameHack.B [AhnLab] | 9
Mal/TibsPk-A [Sophos] | 8
TROJ_ZLOB.AKT [Trend Micro] | 8
Trojan-Downloader.VB!sd6 [PC Tools] | 8
Trojan-Downloader.Win32.VB.lih [Kaspersky Lab] | 8
W32.SillyDC [Symantec] | 8
Mal/Dropper-MAP, Mal/Behav-106 [Sophos] | 7
Trojan.Generic [PC Tools] | 7