8128.exe

The executable 8128.exe has been detected as malware by 38 anti-virus scanners. This trojan will attempt to establish a connection to a remote server through various TCP ports and uses Winlogon to survive reboots.
MD5:
e930543e5a8ce80194454d8ad834eeec

SHA-1:
ce7d6c47938c5c48d430ce504599259714c18315

SHA-256:
b7129c66d412d95a4c99669c5e25303c48f7d8447c8eca6a70a7fcd8bbdebe69

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
4/25/2024 9:04:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Zusy.110665 | 799 |
| Agnitum Outpost | Trojan.Kryptik | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Necurs | 2014.10.25 |
| Avira AntiVirus | TR/Crypt.Xpack.100606 | 7.11.181.44 |
| avast! | Win32:Malware-gen | 141119-1 |
| AVG | Trojan horse Crypt3.AWOY | 2014.0.4189 |
| Baidu Antivirus | Worm.Win32.Hamweq | 4.0.3.141128 |
| Bitdefender | Gen:Variant.Zusy.110665 | 1.0.20.1660 |
| Bkav FE | W32.TaskmanThundef.Trojan | 1.3.0.6185 |
| Clam AntiVirus | Win.Trojan.Generickd-1103 | 0.98/21411 |
| Comodo Security | UnclassifiedMalware | 19890 |
| Dr.Web | Trojan.Asterope.4 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Worm.Win32.Hamweq | 8.14.11.28.12 |
| ESET NOD32 | Win32/Kryptik.CNIY trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Kryptik.CNIY!tr | 11/28/2014 |
| F-Secure | Gen:Variant.Zusy.110665 | 11.2014-28-11_6 |
| G Data | Gen:Variant.Zusy.110665 | 14.11.24 |
| IKARUS anti.virus | Trojan.Win32.Yakes | t3scan.1.7.8.0 |
| K7 AntiVirus | Trojan | 13.185.13789 |
| Kaspersky | Worm.Win32.Hamweq | 14.0.0.2880 |
| Malwarebytes | Trojan.Pseudo | v2014.11.28.12 |
| McAfee | Trojan-FFBG!94E19587C121 | 5600.6933 |
| Microsoft Security Essentials | | 1.11104 |
| MicroWorld eScan | Gen:Variant.Zusy.110665 | 15.0.0.996 |
| NANO AntiVirus | Trojan.Win32.Xpack.dgsaws | 0.28.2.62841 |
| Norman | Injector.HIOC | 11.20141128 |
| nProtect | Trojan.GenericKD.1922400 | 14.10.24.01 |
| Panda Antivirus | Trj/Zbot.AB | 14.11.28.01 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Lethic.r4 | 11.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.28.0 |
| Sophos | Mal/Generic-L | 4.98 |
| Total Defense | Win32/Lethic.XbILPDD | 37.0.11247 |
| Trend Micro House Call | TROJ_GEN.R0C2C0DJF14 | 7.2.332 |
| Trend Micro | TROJ_GEN.R0C2C0DJF14 | 10.465.28 |
| Vba32 AntiVirus | Heur.Malware-Cryptor.Ngrbot | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34220 |
| Zillya! Antivirus | Backdoor.Androm.Win32.12111 | 2.0.0.1966 |

File size:
71.9 KB (73,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\8128.exe

File PE Metadata
Compilation timestamp:
10/13/2014 3:03:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:o4m5NznGvSkizgz/p+Yx9OOckUr2QJrEO4vu3Pfqsv46l4l6tsu2OgYrEh3iy:bm5NbGvNizYf/aFWIPNDGe8gy

Entry address:
0x3A82

Entry point:
E8, 35, 17, 00, 00, E9, 78, FE, FF, FF, 55, 8B, EC, 53, 56, 57, 55, 6A, 00, 6A, 00, 68, A4, 3A, 40, 00, FF, 75, 08, E8, 68, 60, 00, 00, 5D, 5F, 5E, 5B, 8B, E5, 5D, C3, 8B, 4C, 24, 04, F7, 41, 04, 06, 00, 00, 00, B8, 01, 00, 00, 00, 74, 32, 8B, 44, 24, 14, 8B, 48, FC, 33, C8, E8, 86, 17, 00, 00, 55, 8B, 68, 10, 8B, 50, 28, 52, 8B, 50, 24, 52, E8, 14, 00, 00, 00, 83, C4, 08, 5D, 8B, 44, 24, 08, 8B, 54, 24, 10, 89, 02, B8, 03, 00, 00, 00, C3, 53, 56, 57, 8B, 44, 24, 10, 55, 50, 6A, FE, 68, AC, 3A, 40, 00, 64...
 

Code size:
39 KB (39,936 bytes)
