home

8b031add5ca67aab7a1155340e511197.exe

ag_j_9_e_l_4_

ah_E_X_S_4_

The executable 8b031add5ca67aab7a1155340e511197.exe has been detected as malware by 11 anti-virus scanners. The file has been seen being downloaded from dc256.gulfup.com.
Publisher:
ah_E_X_S_4_

Product:
ag_j_9_e_l_4_

Description:
aK_k_o_r_

Version:
7.9.12.48

MD5:
eed9f9f2e644a7c0fef70f3e3a5a8917

SHA-1:
215a86b0f60c7884d4c09864c04b71b596e53740

SHA-256:
01537e650a37329e78c8ebf5b51d6355cab8b93c1bbbecf281d7eab6f2f918d5

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/19/2024 1:25:51 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.377068
986

avast!
Win32:Malware-gen
140525-0

Bitdefender
Gen:Variant.Kazy.377068
1.0.20.720

Comodo Security
Backdoor.Win32.Delf.~EC
18318

Emsisoft Anti-Malware
Gen:Variant.Kazy.377068
8.14.05.24.08

F-Secure
Gen:Variant.Kazy.377068
11.2014-24-05_7

G Data
Gen:Variant.Kazy.377068
14.5.24

IKARUS anti.virus
Trojan.Inject
t3scan.1.6.1.0

Malwarebytes
Trojan.MSIL.UL
v2014.05.24.08

McAfee
Generic Dropper.agu
5600.7120

MicroWorld eScan
Gen:Variant.Kazy.377068
15.0.0.432

File size:
129 KB (132,096 bytes)

Product version:
7.9.12.48

Copyright:
Copyright © 2006

Trademarks:
aY_c_t_d_G_u_S_

Original file name:
vvvvvvvvvvvvvvvv.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\8b031add5ca67aab7a1155340e511197.exe

File PE Metadata
Compilation timestamp:
5/1/2014 9:04:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:NAiMcO8tSBkzvhAruc8wmOrPIlEmbWcVOBH2U:m9cO8tphhctIlpzVOp2

Entry address:
0x21154

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.1213

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
124.5 KB (127,488 bytes)

User Start Menu Item
Name:
8b031add5ca67aab7a1155340e511197.exe


The file 8b031add5ca67aab7a1155340e511197.exe has been seen being distributed by the following URL.

http://dc256.gulfup.com/N5KzqW.exe

Remove 8b031add5ca67aab7a1155340e511197.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.