---.exe

The executable ---.exe has been detected as malware by 31 anti-virus scanners. While running, it connects to the Internet address 58x158x177x102.ap58.ftth.ucom.ne.jp on port 49293.

Publisher:
CJWuPD

Product:
s4NeO4W

Description:
VVb72t6

Version:
2.1.483.3321

MD5:
60a5b8b23bd19244d94a8a7cf51067f8

SHA-1:
a9e0574341bf16790afe7ccd04af498ba9024a47

SHA-256:
6ac7e1f4686c45877b3d82add1b1fd36a14db25020498dbbdca8a19d410186f7

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/25/2024 10:01:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.MSIL.Cassiopeia.4 | 332 |
| AegisLab AV Signature | Troj.Msil.Agent!c | 2.1.4+ |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Malware/Win32.Generic | 2016.02.02 |
| Avira AntiVirus | TR/Dropper.MSIL.205306 | 8.3.2.4 |
| Arcabit | Trojan.MSIL.Cassiopeia.4 | 1.0.0.653 |
| avast! | Win32:Malware-gen | 2014.9-160308 |
| AVG | Pakes2_c | 2017.0.2810 |
| Baidu Antivirus | Trojan.Win32.Generik | 4.0.3.1638 |
| Bitdefender | Gen:Variant.MSIL.Cassiopeia.4 | 1.0.20.340 |
| Comodo Security | UnclassifiedMalware | 24063 |
| Dr.Web | Trojan.DownLoader16.50958 | 9.0.1.068 |
| Emsisoft Anti-Malware | Gen:Variant.MSIL.Cassiopeia | 8.16.03.08.12 |
| ESET NOD32 | MSIL/Injector.MCN (variant) | 10.12961 |
| Fortinet FortiGate | MSIL/Kryptik.DUQ!tr | 3/8/2016 |
| F-Secure | Gen:Variant.MSIL.Cassiopeia.4 | 11.2016-08-03_3 |
| G Data | Gen:Variant.MSIL.Cassiopeia | 16.3.25 |
| IKARUS anti.virus | Trojan.MSIL.Agent | t3scan.2.0.4.0 |
| K7 AntiVirus | Trojan | 13.213.18607 |
| Kaspersky | Trojan.MSIL.Agent | 14.0.0.547 |
| McAfee | RDN/Generic.dx | 5600.6466 |
| Microsoft Security Essentials | Trojan:Win32/Skeeyah.A!bit | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.MSIL.Cassiopeia.4 | 17.0.0.204 |
| NANO AntiVirus | Trojan.Win32.Agent.dxlotn | 1.0.14.5798 |
| Panda Antivirus | Trj/CI.A | 16.03.08.12 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R021C0EJ515 | 10.465.08 |
| Vba32 AntiVirus | Trojan.MSIL.Agent | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46912 |
| Zillya! Antivirus | Trojan.Agent.Win32.584395 | 2.0.0.2642 |

File size:
332 KB (339,968 bytes)

Product version:
2.1.483.3321

Copyright:
Copyright (C) 2010-2012 EFYURvm Ekth8

Original file name:
VVb72t6.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
9/28/2015 4:22:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:bN1Osrp/jzq2MqCHOyTi0LdJZK25eDSAMciaT+j3Fk2RbEAlFA0WHMdJ7Td0XrqV:bzOsr42CHOym0XgI5AMu+e2RF/WuG7qV

Entry address:
0x4BEA8

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
296 KB (303,104 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to 58x158x177x102.ap58.ftth.ucom.ne.jp  (58.158.177.102:49293)
