» befukocsejyr.exe
Overview
Analysis
File Details
Behaviors (1)
Network (5)

befukocsejyr.exe

The executable befukocsejyr.exe has been detected as malware by 37 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘befukocsejyr’. While running, it connects to the Internet address aurora.impex.com.pl on port 80 using the HTTP protocol.

File name:

befukocsejyr.exe

MD5:

0d1d9a600c4f323abb335a778c760dbe

SHA-1:

f2b51aae3522226a6f8c26baa130e8d955ee05d3

Scanner detections:

37 / 68

Status:

Malware

Analysis date:

4/25/2024 12:38:10 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.1712522

769

Agnitum Outpost

Trojan.Cutwail

7.1.1

AhnLab V3 Security

Trojan/Win32.Agent

2014.09.02

Avira AntiVirus

TR/Crypt.ZPACK.71965

7.11.170.84

avast!

Win32:Malware-gen

2014.9-141227

AVG

SHeur4

2015.0.3247

Baidu Antivirus

Trojan.Win32.Cutwail

4.0.3.141227

Bitdefender

Trojan.GenericKD.1712522

1.0.20.1805

Clam AntiVirus

Win.Trojan.Zbot-34436

0.98/21411

Comodo Security

UnclassifiedMalware

19389

Dr.Web

BackDoor.Bulknet.1150

9.0.1.0361

Emsisoft Anti-Malware

Trojan.GenericKD.1712522

8.14.12.27.05

Fortinet FortiGate

W32/Wigon.PH!tr

12/27/2014

F-Prot

W32/Trojan2.OJAW

v6.4.7.1.166

F-Secure

Trojan.GenericKD.1712522

11.2014-27-12_7

G Data

Trojan.GenericKD.1712522

14.12.24

IKARUS anti.virus

Trojan.Win32.Cutwail

t3scan.1.7.5.0

K7 AntiVirus

Trojan

13.183.13230

Kaspersky

Trojan.Win32.Cutwail

14.0.0.2731

Malwarebytes

Trojan.Agent.ED

v2014.12.27.05

McAfee

RDN/Generic Downloader.x!kj

5600.6903

Microsoft Security Essentials

TrojanDownloader:Win32/Cutwail

1.10904

MicroWorld eScan

Trojan.GenericKD.1712522

15.0.0.1083

NANO AntiVirus

Trojan.Win32.Bulknet.dbdlrq

0.28.2.61942

Norman

Troj_Generic.UICOA

11.20141227

nProtect

Trojan.GenericKD.1712522

14.09.01.01

Panda Antivirus

Trj/Genetic.gen

14.12.27.05

Qihoo 360 Security

Win32/Trojan.870

1.0.0.1015

Quick Heal

Trojan.Cutwail.r4

12.14.14.00

Rising Antivirus

PE:Trojan.Win32.Generic.16D56BAC!383085484

23.00.65.141225

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_SPNR.16FG14

7.2.361

Trend Micro

TROJ_SPNR.16FG14

10.465.27

Vba32 AntiVirus

Trojan.Cutwail

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

32734

ViRobot

Trojan.Win32.A.Cutwail.64000.A

2011.4.7.4223

Zillya! Antivirus

Trojan.Cutwail.Win32.145

2.0.0.1908

File size:

62.5 KB (64,000 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\documents and settings\all users\befukocsejyr.exe

File PE Metadata

Compilation timestamp:

12/13/1992 9:03:43 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.2

CTPH (ssdeep):

1536:GuLaOEnj7nw3uvsEhGF+kqAo1z8snM82o:GuOXjz+uyqAdC+o

Entry address:

0xEB00

Entry point:

55, 8B, EC, 83, EC, 44, 56, FF, 15, 0C, F0, 40, 00, 8B, F0, 8A, 06, 3C, 22, 75, 14, 8A, 46, 01, 46, 84, C0, 74, 04, 3C, 22, 75, F4, 80, 3E, 22, 75, 0D, 46, EB, 0A, 3C, 20, 7E, 06, 46, 80, 3E, 20, 7F, FA, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E9, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 10, F0, 40, 00, E8, 71, 00, 00, 00, 68, 04, 00, 41, 00, 68, 00, 00, 41, 00, E8, 48, 00, 00, 00, F6, 45, E8, 01, 59, 59, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 18, F0, 40, 00, 50, E8, 2E, FE... 
[+]

Entropy:

6.4128

Developed / compiled with:

Microsoft Visual C++

Code size:

55 KB (56,320 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

befukocsejyr

Command:

C:\documents and settings\admin\befukocsejyr.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to yjh.hostposter.com (69.65.11.200:80)

TCP (HTTP):

Connects to www12.aname.net (89.221.250.12:80)

TCP (HTTP):

Connects to leadershipforum.us (66.39.30.185:80)

TCP (HTTP):

Connects to cloudproxy509.sucuri.net (54.244.254.79:80)

TCP (HTTP):

Connects to aurora.impex.com.pl (213.241.14.50:80)

Remove befukocsejyr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.