» checkxml.exe
Overview
Analysis
File Details
Downloads (1)

checkxml.exe

LLC Mail.Ru

The application checkxml.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 19 anti-malware scanners. The file has been seen being downloaded from moe-torrents.ru.

File name:

checkxml.exe

Publisher:

LLC Mail.Ru (signed and verified)

MD5:

f352f136b8a2f3194bc2bea9f61931e5

SHA-1:

caa873b4d564060ee8697d1e3afdcd60bead0452

SHA-256:

8c67c53a465767db0de53ea198d19fda810e762f2ad357bd1d31f0b5b26b09d8

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 8:11:48 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/Downloader.Gen

7.11.97.234

avast!

Win32:Downloader-TYN [PUP]

2014.9-130824

Bitdefender

Gen:Variant.Kazy.197993

1.0.20.1180

Comodo Security

TrojWare.Win32.Kryptik.AXJX

16811

Dr.Web

Trojan.LoadMoney.1

9.0.1.0236

Emsisoft Anti-Malware

Gen:Variant.Kazy.197993

8.13.08.24.01

ESET NOD32

Win32/LoadMoney.AA (variant)

7.8722

F-Prot

W32/LoadMoney.F3.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Kazy.197993

11.2013-24-08_7

G Data

Gen:Variant.Kazy.197993

13.8.22

IKARUS anti.virus

Virus.Win32.Cryptor

t3scan.2.0.127

K7 AntiVirus

Trojan

13.170.9377

Kaspersky

not-a-virus:HEUR:Downloader.Win32.LMN

14.0.0.3773

Malwarebytes

PUP.Downloader.LoadMoney

v2013.08.24.01

MicroWorld eScan

Gen:Variant.Kazy.197993

14.0.0.708

Reason Heuristics

PUP.Optional.MailRu.I

14.3.28.18

Rising Antivirus

Trojan.DL.Small!4D00

23.00.65.13822

Sophos

Troj/LdMon-A

4.91

VIPRE Antivirus

Trojan-Downloader.Win32.LoadMoney.u

20806

File size:

150.4 KB (154,008 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\checkxml.exe

Digital Signature

Signed by:

LLC Mail.Ru

Authority:

Thawte, Inc.

Valid from:

12/8/2011 4:00:00 PM

Valid to:

2/6/2014 3:59:59 PM

Subject:

CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata

Compilation timestamp:

8/23/2013 12:57:27 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

1536:UQhqmcX8g++OBEYSGBeq/GM2rQ9nHTfLzb00ZsK2Jj/WAvN3EcyEnOs4wwC:/hhc83EJJMPxT00Z81vXjwC

Entry address:

0x3BF20

Entry point:

60, BE, 15, 10, 43, 00, 8D, BE, EB, FF, FC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Entropy:

5.9906

Packer / compiler:

UPX 2.90LZMA]

Code size:

48 KB (49,152 bytes)

The file checkxml.exe has been seen being distributed by the following URL.

http://moe-torrents.ru/u6eno+n8/LS8v7ewtr2nobb9oab8tLanjKu+v+y1ur+2jLq37g==/archive/16894163/.../checkxml.exe

Remove checkxml.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.