coojah6.zip.exe

The application coojah6.zip.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. It is a setup program used to install the application. The file has been seen downloaded from www.hensence.com.

MD5: fa7042262079e5f129f0f37722829547
SHA-1: a747038d6e0697c70940c54a2a1956e50079e28f
SHA-256: 843f71ad21e92e75c071988ef892c1e0e2b001059bb04b1b9338484b0e229443
Scanner detections: 14 / 68
Status: Potentially unwanted
Analysis date: 4/26/2024 4:20:11 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| Avira AntiVirus | TR/Agent.hpzf.2 | 7.11.204.208 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-150216 |
| Dr.Web | Trojan.Siggen3.3341 | 9.0.1.047 |
| IKARUS anti.virus | not-a-virus:NetTool.Win32.Sniffer | t3scan.1.8.6.0 |
| Kaspersky | not-a-virus:NetTool.Win32.Sniffer | 14.0.0.2477 |
| McAfee | Artemis!FA7042262079 | 5600.6852 |
| NANO AntiVirus | Trojan.Win32.Siggen3.dcdvtr | 0.30.0.64812 |
| Norman | Suspicious_Gen2.PLRPV | 11.20150216 |
| Quick Heal | NetTool.Sniffer.g3 (Not a Virus) | 2.15.14.00 |
| Trend Micro House Call | TROJ_GEN.R08JB01K714 | 7.2.47 |
| Vba32 AntiVirus | Trojan.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 36918 |
| Zillya! Antivirus | Trojan.Agent.Win32.172488 | 2.0.0.2043 |

File size: 5.8 MB (6,045,828 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp: 5/14/2002 2:22:04 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.0
CTPH (ssdeep): 98304:IiCS/nT58p+lJFuUDEXo3y1Q+8sOnBaBDLDuRebaLeRRSMGxs5VnMBOdLN:IonTFlJgS73JB4HCWU9s5FMkN
Entry address: 0x1E800
Entry point: 60, BE, 00, 90, 41, 00, 8D, BE, 00, 80, FE, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...
Packer / compiler: UPX 2.90LZMA
Code size: 24 KB (24,576 bytes)

The file coojah6.zip.exe has been seen being distributed by the following URL.
