anumanlive.exe

Anuman Interactive

The executable anumanlive.exe has been detected as malware by 14 of 68 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘AnumanLive’. While running, it connects to the Internet host cluster003.ovh.net on port 80 using the HTTP protocol.
Publisher:
Anuman Interactive

Description:
Anuman Live

Version:
1.0.7.7

MD5:
03d56f3fe313d6a74f42c7ddbee2339e

SHA-1:
bee415aa940c1f7686ae170ef4155cdcff25d675

SHA-256:
1160e69831e2e094b8b67b37e3dff6a80305614d65cfbe6944e38738cecff71a

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
4/23/2024 4:52:15 PM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | Troj.Clicker.W32.Delf | 2.1.4+
AhnLab V3 Security | Win-Trojan/Xema.variant | 2014.02.05
AVG | SHeur | 2015.0.3569
Baidu Antivirus | Trojan.Win32.Generic | 4.0.3.1428
Fortinet FortiGate | PossibleThreat | 2/8/2014
IKARUS anti.virus | Trojan.Win32.SuspectCRC | t3scan.2.2.29
K7 AntiVirus | Trojan | 13.175.11064
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.4341
McAfee | Artemis!03D56F3FE313 | 5600.7225
Norman | Suspicious_Gen2.JSQF | 11.20140208
nProtect | Trojan/W32.Agent.347648.CM | 14.02.04.02
Rising Antivirus | PE:Trojan.Win32.Generic.12965F7E!311844734 | 23.00.65.14206
Trend Micro House Call | TROJ_SPNR.03JR11 | 7.2.39
Trend Micro | TROJ_SPNR.03JR11 | 10.465.08

File size:
339.5 KB (347,648 bytes)

Product version:
1.0.0.0

Copyright:
(C) Anuman Interactive

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\appdata\roaming\anuman interactive\anumanlive\anumanlive.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM (a fixed placeholder value written by the Delphi linker, not the actual build time)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:yc+QCCqUoHnruXBkXbr+22Vnel6Hx5joq25PItD9HlNTzKxG0CrODzwDzzwpOy:SUoHruXS+h5egRp2JeJlNTzKw0VYDPwc

Entry address:
0xE0C40

Entry point:
60, BE, 00, 10, 49, 00, 8D, BE, 00, 00, F7, FF, C7, 87, C4, 60, 0B, 00, FC, 6A, C0, 03, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 19, 8B, 1E, 83, EE, FC, 11, DB, 72, 10, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 78, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07...
 
Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.22 (Delphi) stub

Code size:
320 KB (327,680 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AnumanLive

Command:
C:\users\{user}\appdata\roaming\anuman interactive\anumanlive\anumanlive.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to cluster003.ovh.net (213.186.33.4:80)

Remove anumanlive.exe - Powered by Reason Core Security