akxkxk.exe

Pony

Gain complex - www.Pony.com

The executable akxkxk.exe, “Tightly blind eventually industrial powder”, has been detected as malware by 30 of 68 anti-virus scanners. This is a setup program used to install the application. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Akxkxk’. This worm can steal user names and passwords by monitoring network communication, block websites, and launch a denial of service (DoS) attack. The file has been seen being downloaded from 111.179.39.83.
Publisher:
Gain complex - www.Pony.com

Product:
Pony

Description:
Tightly blind eventually industrial powder

Version:
4.0.0.5

MD5:
20c2b6975bc5202b0ab64a2ce388d133

SHA-1:
0ffb9fde7962c03de06e7f00ec867fb57bff46c6

SHA-256:
35327f6fc2c47bbc1bf805ee8f05bfbd8248fd5f5b5ad6657d86f2c568bb9a01

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/25/2024 7:35:36 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2195322 | 701
AhnLab V3 Security | Trojan/Win32.MDA | 2015.03.06
Avira AntiVirus | TR/Crypt.Xpack.157584 | 7.11.213.230
avast! | Win32:Malware-gen | 2014.9-150306
AVG | Crypt3 | 2016.0.3179
Baidu Antivirus | Worm.Win32.Ngrbot | 4.0.3.1536
Bitdefender | Trojan.GenericKD.2195322 | 1.0.20.325
Bkav FE | W32.KryptikDadbJ.Trojan | 1.3.0.6379
Dr.Web | BackDoor.IRC.NgrBot.449 | 9.0.1.065
Emsisoft Anti-Malware | Trojan.GenericKD.2195322 | 8.15.03.06.06
ESET NOD32 | Win32/Kryptik.DAJI (variant) | 9.11273
Fortinet FortiGate | W32/Foreign.AS!tr | 3/6/2015
F-Prot | W32/S-0b92b060 | v6.4.7.1.166
F-Secure | Trojan.GenericKD.2195322 | 11.2015-06-03_6
G Data | Trojan.GenericKD.2195322 | 15.3.25
IKARUS anti.virus | Trojan.Win32.Crypt | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.200.15170
Kaspersky | Worm.Win32.Ngrbot | 14.0.0.2389
Malwarebytes | Trojan.Agent.DED | v2015.03.06.06
McAfee | RDN/Sdbot.worm!cd | 5600.6835
Microsoft Security Essentials | Worm:Win32/Dorkbot.I | 1.1.11400.0
MicroWorld eScan | Trojan.GenericKD.2195322 | 16.0.0.195
NANO AntiVirus | Trojan.Win32.Lethic.dorjhh | 0.30.0.296
Norman | Kryptik.CEZK | 11.20150306
nProtect | Trojan.GenericKD.2195322 | 15.03.05.01
Panda Antivirus | Trj/Chgt.O | 15.03.06.06
Sophos | Mal/Wonton-AS | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 10014
Trend Micro House Call | TROJ_GEN.R047H07C315 | 7.2.65
VIPRE Antivirus | Trojan.Win32.Generic | 38142

File size:
223.5 KB (228,864 bytes)

Product version:
5.0

Copyright:
Copyright (C) Pony 2008-2013

File type:
Executable application (Win32 EXE)

Language:
Arabic (Saudi Arabia)

Common path:
C:\users\{user}\appdata\roaming\identities\akxkxk.exe

File PE Metadata
Compilation timestamp:
3/3/2015 2:59:09 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:1G5JGtmpZrEmYxwj/Ag0FutNX05Sn9+0hHJjFYAfcSiXjFHgCxaWQyY4IaZ+:estmvvpAOtayhHxQXZAiaWQ+x0

Entry address:
0x7028

Entry point:
E8, 30, 6D, 00, 00, E9, 78, FE, FF, FF, 55, 8B, EC, 83, EC, 08, 89, 7D, FC, 89, 75, F8, 8B, 75, 0C, 8B, 7D, 08, 8B, 4D, 10, C1, E9, 07, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 
Code size:
94.5 KB (96,768 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Akxkxk

Command:
C:\users\{user}\appdata\roaming\identities\akxkxk.exe


The file akxkxk.exe has been seen being distributed by the following URL.

http://111.179.39.83/ngfix.exe

Remove akxkxk.exe - Powered by Reason Core Security