ArgusMonitor.exe

ArgusMonitor

Argotronic UG (haftungsbeschraenkt)

The executable ArgusMonitor.exe has been detected as malware by 6 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Argus Monitor’. While running, it connects to the Internet address ud10.udmedia.de on port 80 using the HTTP protocol.
Publisher:
Argotronic UG (haftungsbeschraenkt)

Product:
ArgusMonitor

Version:
2.0.13.1310

MD5:
33d7013245692705a230af2ac42bb461

SHA-1:
0ae5d504b1aa55dc787d007a9ffa667eaca810e0

SHA-256:
ec3c5233fa77bdd28dfcc5ffe01c2e4bd8fab71340cb294e417d32053b67f849

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/27/2024 1:38:15 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.117.240 |
| Comodo Security | UnclassifiedMalware | 17387 |
| IKARUS anti.virus | possible-Threat.Broken-SIG | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10410 |
| Norman | Suspicious_Gen4.CDHPD | 11.20140202 |
| Reason Heuristics | Unnamed.Threat.14 | 14.3.11.13 |

File size:
1.6 MB (1,647,104 bytes)

Product version:
1

Copyright:
Argotronic UG (haftungsbeschraenkt)

Original file name:
ArgusMonitor.exe

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\argus monitor v2.0.13 build 1310_downloadkade.com\crack\argusmonitor.exe

File PE Metadata
Compilation timestamp:
7/22/2011 12:05:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:Z/r35q8FIfMWl9P//U6mO6APFUrXgkGOU3/qQT:BrWnfmO6AdUjgLR3CG

Entry address:
0x441D10

Entry point:
60, BE, 00, 80, 6B, 00, 8D, BE, 00, 90, D4, FF, C7, 87, C8, D0, 32, 00, 03, 35, C8, 3E, 57, EB, 11, 90, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.9291  (probably packed)

Code size:
17.4 MB (18,235,392 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Argus Monitor

Command:
"C:\Program Files\argusmonitor\argusmonitor.exe"


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ud10.udmedia.de  (194.117.254.50:80)
