Virus.Expiro.K

By CagedTech in Viruses

Threat Scorecard

Popularity Rank: 12,553
Threat Level: 80 % (High)
Infected Computers: 1,790
First Seen: December 16, 2021
Last Seen: April 5, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Virus.Expiro.K
Signature status: No Signature

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version 1.0.0.0
Comments https://www.anerty.net/
Company Name
  • Google LLC
  • „Google Inc.“
File Description
  • El instalador de Google
  • FAT disks sorting tool
  • Google-asennusohjelma
  • Google alat za instalaciju
  • Google Installer
  • Google instalēšanas programma
  • Google telepítő
  • Google uppsetningarforrit
  • Google Yükleyici
  • Google इंस्टॉलर
  • Google इन्स्टॉलर
  • Google ইনস্টলার
  • Google ઇન્સ્ટોલર
  • Google ସଂସ୍ଥାପକ
  • Google நிறுவி
  • Google ఇన్స్టాలర్
  • Google ഇന്‍സ്റ്റാളര്‍
  • Google ጫኝ
  • Google インストーラ
  • Google 安装程序
  • Google 安裝程式
  • Google 설치 프로그램
  • Instalador do Google
  • Instalační program Google
  • Installasjonsprogram for Google
  • Inštalačný program Google
  • Kisakinishi cha Google
  • Pemasang Google
  • Programme d'installation de Google
  • Установщик Google
  • مثبِّت Google
  • نصب کننده Google
  • گوگل انسٹالر
  • „Google“ diegimo programa
File Version
  • 1.242
  • 1.3.36.121
  • 1.3.36.111
  • 1.3.36.101
  • 1.3.36.51
  • 1.3.35.451
  • 1.3.35.421
  • 1.3.35.341
  • 1.0.0.0
Internal Name
  • DriveSort
  • Google Update
  • MainV.exe
Legal Copyright
  • Anerty (/-\) 2003-2018
  • Autoriõigustega kaitstud. 2018 Google LLC
  • Autorska prava 2018 Google LLC
  • Autortiesības 2007–2010 Google LLC
  • Bản quyền 2018 Google LLC
  • Copyright 2007 - 2010 Google LLC
  • Copyright 2007–2010 Google LLC
  • Copyright 2018 Google LLC
  • Copyright 2018 Google LLC‎
  • Copyright Google LLC 2018
  • Copyright © 2018 Google LLC
  • Derechos de autor 2018 Google LLC
  • Hak Cipta 2018 Google LLC
  • Hak cipta 2018 Google LLC
  • Höfundarréttur 2018 Google LLC
  • Telif Hakkı 2018 Google LLC
  • © 2018 Google LLC
  • © Google LLC, 2018 гг.
  • © „Google Inc.“, 2007–2010 m.
  • Πνευματικά δικαιώματα 2018 Google LLC
  • Авторське право 2007–2010 Google LLC
  • Ауторска права 2007–2010. Google LLC
  • حق اشاعت 2018 گوگل انکارپوریٹڈ
  • حق نسخه برداری 2018 Google LLC
  • حقوق الطبع والنشر لعام 2018 محفوظة لشركة Google LLC
  • कॉपीराइट 2018 Google LLC
  • কপিরাইট 2018 Google LLC
  • કૉપીરાઇટ © 2018 Google LLC
  • ସତ୍ବାଧିକାର2018 Google LLC
  • பதிப்புரிமை 2007 Google LLC
  • కాపీరైట్ © 2018 Google LLC
  • പകര്‍‌പ്പവകാശം 2018 Google LLC
  • ลิขสิทธิ์ 2018 Google LLC
  • የቅጂ መብት 2018 Google LLC
  • 版权所有 2018 Google LLC
Original Filename
  • DriveSort.exe
  • GoogleUpdate.exe
  • MainV.exe
Product Name
  • Google'i uuendus
  • Google-oppdatering
  • Google atjauninājums
  • Google ažuriranje
  • Google frissítés
  • Google Güncelleme
  • Google Päivitä
  • Google Update
  • Google uppfærsla
  • Google Актуализация
  • Google ажурирање
  • Google تازہ کاری کریں
  • Google अद्यतन
  • Google अपडेट
  • Google আধুনিকীকরণ
  • Google અઘતન
  • Google ଅଦ୍ୟତନ
  • Google புதுப்பி
  • Google నవీకరణ
  • Google ಮಾರ್ಪಡಿಸಿ
  • Google കാലാനുസൃതമാക്കുക
  • Google ዝመና
  • Google“ naujinimas
  • Google 更新
  • Google 업데이트
  • Kemas Kini Google
  • Posodobitve za Google
  • Оновлення Google
  • עדכון Google
  • بروزرسانی Google
  • ข่าวอัพเดต Google
Product Version
  • 1.3.36.121
  • 1.3.36.111
  • 1.3.36.101
  • 1.3.36.51
  • 1.3.35.451
  • 1.3.35.421
  • 1.3.35.341
  • 1.0.0.0

Digital Signatures

Signer      Root                                                      Status
Google LLC  DigiCert Assured ID Code Signing CA-1                     Hash Mismatch
Google LLC  DigiCert SHA2 Assured ID Code Signing CA                  Hash Mismatch
Google LLC  DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1  Hash Mismatch
Google Inc  Thawte Code Signing CA - G2                               Hash Mismatch

File Traits

  • big overlay
  • HighEntropy
  • Installer Version
  • No Version Info
  • x86

Block Information

Total Blocks: 2,490
Potentially Malicious Blocks: 5
Whitelisted Blocks: 2,477
Unknown Blocks: 8

Files Modified

File                                                                    Attributes
\device\namedpipe\gmdasllogger                                          Generic Write, Read Attributes
c:\program files\common files\system\symsrv.dll                         Generic Write, Read Attributes
c:\programdata\asus\armoury crate diagnosis\asuslog\atkexcom_axins.log  Generic Write, Read Attributes
c:\users\user\appdata\local\temp\rcxbbf2.tmp                            Generic Read, Write Data, Write Attributes, Write extended, Append data
c:\users\user\appdata\local\temp\zgokr00.exe                            Generic Write, Read Attributes
c:\users\user\appdata\local\temp\zgokr00.exe                            Synchronize, Write Data

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Keyboard Access
  • GetAsyncKeyState
  • GetKeyState
Service Control
  • OpenSCManager
  • OpenService
