anti_filter_u89.exe

The application anti_filter_u89.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dc108.4shared.com.
Publisher:
Home

Product:
Home ultra

Description:
ultra

Version:
1, 0, 0, 1

MD5:
f556271e1338dfc224cbebf6fe8f8eae

SHA-1:
054f755a4037ba3bc4c17a5f4c681a1204f35e0d

SHA-256:
a70560275b6f6e9586a30f473b01f2584717df66a338204c696b55aa9994ca59

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 8:49:02 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Agent | 7.1.1
avast! | Win32:PUP-gen [PUP] | 2014.9-140203
AVG | BackDoor.Agent.YTH.dropper | 2015.0.3575
ESET NOD32 | Win32/UltraReach.AB (variant) | 8.9310
Fortinet FortiGate | Riskware/UltraSurf | 2/3/2014
F-Prot | W32/Trojan2.ASYO | v6.4.7.1.166
IKARUS anti.virus | Backdoor.Win32.Hupigon | t3scan.2.2.29
K7 AntiVirus | Trojan | 13.175.10881
Kaspersky | not-a-virus:NetTool.Win32.UltraSurf | 14.0.0.4368
Malwarebytes | Trojan.Agent | v2014.02.03.09
McAfee | Generic.dx!F556271E1338 | 5600.7231
NANO AntiVirus | Trojan.Win32.Gendal.xahvz | 0.28.0.57029
Norman | Suspicious_Gen2.DTE | 11.20140203
SUPERAntiSpyware | Trojan.Agent/Gen-Hupigon | 10806
Total Defense | Win32/Tnega.AFDO | 37.0.10498
Trend Micro House Call | HKTL_USURF | 7.2.34
Trend Micro | HKTL_USURF | 10.465.03
Vba32 AntiVirus | Backdoor.Hupigon | 3.12.24.3
VIPRE Antivirus | Trojan.Win32.Generic | 25596

File size:
212.5 KB (217,600 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2008

Original file name:
ultra.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\anti_filter_u89.exe

File PE Metadata
Compilation timestamp:
4/7/2008 12:12:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:obhW6ZNK8kxbvM6qVYqQyYOmaq63Ckl+GPDJNn6lsJ9t57OGskwuZ53lWQMEdFFH:o8c18vM64LYOmaq6TIS6lyX7Tp/1Zv

Entry address:
0x62C10

Entry point:
60, BE, 00, 00, 43, 00, 8D, BE, 00, 10, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11...

Entropy:
7.7747

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
204 KB (208,896 bytes)

The file anti_filter_u89.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to www.moneybookers.com  (93.191.174.15:443)

TCP (HTTP SSL):
Connects to paypal-2ph-stage-1.serverside.net  (205.174.26.86:443)

TCP (HTTP SSL):
Connects to a23-32-114-22.deploy.static.akamaitechnologies.com  (23.32.114.22:443)

Remove anti_filter_u89.exe - Powered by Reason Core Security