» 22.exe
Overview
Analysis
File Details
Downloads (2)

22.exe

The executable 22.exe has been detected as malware by 31 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.weebly.com and multiple other hosts.

File name:

22.exe

Description:

asfasfasf

Version:

124.0.0.0

MD5:

7049abf51f94d39890529de5f4ef2bae

SHA-1:

1eee8786df393fb38525ed6f0ed3ae28673523ea

SHA-256:

4fc324ad5ff792df0268aed1dc4518f9921dead89a9c53632aa76ed72298c5f6

Scanner detections:

31 / 68

Status:

Malware

Analysis date:

4/26/2024 4:00:58 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1679457

976

Avira AntiVirus

TR/Strictor.51736.33

7.11.151.40

avast!

Win32:Malware-gen

2014.9-140603

AVG

Luhe.Fiha.A

2015.0.3454

Baidu Antivirus

Trojan.Win32.CoinMiner

4.0.3.1463

Bitdefender

Trojan.GenericKD.1679457

1.0.20.770

Comodo Security

UnclassifiedMalware

18313

Dr.Web

Trojan.BtcMine.430

9.0.1.0154

Emsisoft Anti-Malware

Trojan.GenericKD.1679457

8.14.06.03.08

ESET NOD32

Win32/CoinMiner.NJ

8.9838

Fortinet FortiGate

W32/Autoit.CNR!tr

6/3/2014

F-Secure

Trojan.GenericKD.1679457

11.2014-03-06_3

G Data

Trojan.GenericKD.1679457

14.6.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.6.1.0

K7 AntiVirus

Trojan

13.178.12171

Kaspersky

Trojan.Win32.Autoit

14.0.0.3766

Malwarebytes

Trojan.Agent.WS

v2014.06.03.08

McAfee

RDN/Generic.dx!d2t

5600.7110

MicroWorld eScan

Trojan.GenericKD.1679457

15.0.0.462

NANO AntiVirus

Trojan.Win32.Autoit.cwwwga

0.28.0.59921

Norman

Suspicious_Gen5.AONBA

11.20140603

nProtect

Trojan.GenericKD.1679457

14.05.22.01

Panda Antivirus

Trj/CI.A

14.06.03.08

Qihoo 360 Security

Win32/Trojan.9c2

1.0.0.1015

Quick Heal

Trojan.Autoit.r3

6.14.14.00

Reason Heuristics

Threat.Win.Reputation.IMP

14.6.3.20

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_SPNR.11DM14

7.2.154

Trend Micro

TROJ_SPNR.11DM14

10.465.03

VIPRE Antivirus

Trojan.Win32.Generic

29512

ViRobot

Trojan.Win32.A.Autoit.758784.A

2011.4.7.4223

File size:

741 KB (758,784 bytes)

Product version:

3.3.10.2

asfasgfas

File type:

Executable application (Win32 EXE)

Language:

English (United Kingdom)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\22.exe

File PE Metadata

Compilation timestamp:

4/12/2014 12:52:29 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:3Xe9PPlowWX0t6mOQwg1Qd15CcYk0We17YXYU7AREFQOYZZyeZjZORal/BX7WfoE:ehloDX0XOf4wtkREpYvtjgRMBXMz

Entry address:

0x13C070

Entry point:

60, BE, 00, 80, 4E, 00, 8D, BE, 00, 90, F1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Entropy:

7.9556

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

340 KB (348,160 bytes)

The file 22.exe has been seen being distributed by the following 2 URLs.

http://www.weebly.com/uploads/2/9/3/6/.../22.exe

http://www.weebly.com/uploads/2/8/1/0/.../22.exe

Remove 22.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.