迅雷白金会员获取器.exe

ThunderHelper

The executable 迅雷白金会员获取器.exe has been detected as malware by 20 anti-virus scanners. The file has been seen being downloaded from www.pf11.com and multiple other hosts. While running, it connects to the Internet address ns2.ivanso.net on port 80 using the HTTP protocol.
Product:
ThunderHelper

Version:
1.00

MD5:
f65365ed66a2da47294ce13c95a23853

SHA-1:
638609296bf18c5f9b0c2f8d20b7ac448a0e1051

SHA-256:
bf1cf754ad5f5f3560047b8eeb784c72bf79a042dec4d50d033e32912a7b19b6

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
4/23/2024 2:12:32 PM UTC

Scan engine             Detection                   Engine version
Lavasoft Ad-Aware       Gen:Variant.Symmi.34011     1123
Agnitum Outpost         Trojan.Agent                7.1.1
AhnLab V3 Security      Trojan/Win32.Gen            2014.01.04
Bitdefender             Gen:Variant.Symmi.34011     1.0.20.40
Bkav FE                 W32.Clod01a.Trojan          1.3.0.4613
Comodo Security         UnclassifiedMalware         17551
Emsisoft Anti-Malware   Gen:Variant.Symmi.34011     8.14.01.08.08
Fortinet FortiGate      Bfr.FJ!tr                   1/8/2014
F-Secure                Gen:Variant.Symmi.34011     11.2014-08-01_4
G Data                  Gen:Variant.Symmi.34011     14.1.22
IKARUS anti.virus       Trojan.SuspectCRC           t3scan.2.2.29
K7 AntiVirus            Riskware                    13.175.10735
McAfee                  RDN/Generic.bfr!fj          5600.7257
MicroWorld eScan        Gen:Variant.Symmi.34011     15.0.0.24
Norman                  Troj_Generic.QODCZ          11.20140108
Panda Antivirus         Suspicious file             14.01.08.08
Rising Antivirus        PE:Trojan.VBInject!1.6546   23.00.65.14106
Trend Micro House Call  TROJ_GEN.R0CBC0OLD13        7.2.8
Trend Micro             TROJ_GEN.R0CBC0OLD13        10.465.08
VIPRE Antivirus         Trojan.Win32.Generic        25078

File size:
95.5 KB (97,792 bytes)

Product version:
1.00

Original file name:
game.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\迅雷白金会员获取器.exe

File PE Metadata
Compilation timestamp:
10/9/2013 8:17:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:MWJ4dTwFCEiT8BYUIBZOTXfXeZ1OhHqggSUp/mDSnouy8iBXirA2/yR:MWJmNRBU3DfXkshKgleDoutixiU2aR

Entry address:
0x44350

Entry point:
60, BE, 00, 40, 43, 00, 8D, BE, 00, D0, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, E2, 2A, 04, 00, 57, 83, C3, 04, 53, 68, 4A, 03, 01, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Entropy:
7.5011

Code size:
68 KB (69,632 bytes)

The file 迅雷白金会员获取器.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ns2.ivanso.net  (182.237.3.75:80)

TCP (HTTP):
Connects to 158.226.204.221.adsl-pool.sx.cn  (221.204.226.158:80)

TCP (HTTP):
Connects to c4.3e.559e.ip4.static.sl-reverse.com  (158.85.62.196:80)

Remove 迅雷白金会员获取器.exe - Powered by Reason Core Security