A fascinating finding on VirusTotal
I was mainly uninterested and exploring the VT dumps related to the file you're examining. The "Behaviour" section looked intriguing. Under registry actions I found some unusual entries. A registry key was opened: Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\996E.exe. Regedit couldn't locate such a key and the file didn’t exist anywhere. There’s also a note about Processes Terminated at C:\Documents and Settings\Administrator\Local Settings\Temp\EB93A6\996E.exe. Before you rush to the "omg malware" category, think again—it’s not that. This registry action appears in software from Google, Adobe, and others, including applications built with Visual Studio. I’ve reviewed the internet about this strange file and haven’t found any helpful details beyond typical fake sites. If anyone can clarify what it is and does, that would be really helpful.