cpanel attacker.exe

The executable cpanel attacker.exe has been detected as malware by 27 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dc288.gulfup.com.
Description:
by ghost-dz

Version:
3.0.0.0

MD5:
0f057d660f30e98b5494183aefc15434

SHA-1:
186b1db76c0653acb00e3fffff6885edc7c2723e

SHA-256:
ddb4976ead288687de74859aab03d1a0302a8ca5fc9093eda0163cc4a41172cc

Scanner detections:
27 / 68

Status:
Malware

Analysis date:
5/17/2024 8:00:20 AM UTC

Scan engine                     Detection                      Engine version
Lavasoft Ad-Aware               Trojan.Generic.KDV.893490      803
Agnitum Outpost                 Trojan.Blocker                 7.1.1
AhnLab V3 Security              Trojan/Win32.Ainslot           14.11.24
Avira AntiVirus                 Worm/Ainslot.A.888             7.11.150.104
avast!                          Win32:Malware-gen              2014.9-141124
Baidu Antivirus                 Trojan.Win32.Ransomlock        4.0.3.141124
Bitdefender                     Trojan.Generic.KDV.893490      1.0.20.1640
Comodo Security                 UnclassifiedMalware            18301
Emsisoft Anti-Malware           Trojan.Generic.KDV.893490      8.14.11.24.08
ESET NOD32                      Win32/Ainslot.AA               8.9821
F-Secure                        Trojan.Generic.KDV.893490      11.2014-24-11_2
G Data                          Trojan.Generic.KDV.893490      14.11.24
IKARUS anti.virus               Worm.Win32.Ainslot             t3scan.1.6.1.0
K7 AntiVirus                    Riskware                       13.177.12128
Kaspersky                       Trojan-Ransom.Win32.Blocker    14.0.0.2898
McAfee                          Artemis!0F057D660F30           5600.6937
Microsoft Security Essentials   Worm:Win32/Ainslot.A           1.10502
MicroWorld eScan                Trojan.Generic.KDV.893490      15.0.0.984
Norman                          Troj_Generic.KJWJK             11.20141124
nProtect                        Trojan.Generic.KDV.893490      14.05.19.01
Panda Antivirus                 Trj/CI.A                       14.11.24.08
Qihoo 360 Security              Win32/Trojan.Ransom.2bf        1.0.0.1015
Quick Heal                      Worm.Ainslot.g6                11.14.14.00
Sophos                          Mal/Generic-S                  4.98
Trend Micro House Call          TROJ_GEN.R0CBC0DIE13           7.2.328
Trend Micro                     TROJ_GEN.R0CBC0DIE13           10.465.24
VIPRE Antivirus                 Trojan.Win32.Generic           29386

File size:
1.5 MB (1,572,666 bytes)

Product version:
3.0.0.0

File type:
Executable application (Win32 EXE)

Language:
Arabic (Algeria)

Common path:
C:\users\{user}\downloads\cpanel attacker.exe

File PE Metadata
Compilation timestamp:
10/13/2012 1:57:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:613KoZstPgtr9j5DEgCO29J0Ens/DrgLC+WfGQWkgRQFRmZvPXuh0knOEW64nAH7:LisepfCtJ0EsHgAfGXQFY+hxl6

Entry address:
0x4007

Entry point:
55, 8B, EC, 83, E4, F8, 81, EC, 1C, 09, 00, 00, 53, 56, 57, E8, BA, FB, FF, FF, 8B, 35, 0C, 60, 4D, 00, FF, D6, 83, E0, 11, 3D, 11, 01, 00, 00, 0F, 84, 22, 04, 00, 00, FF, D6, 8B, 5C, 24, 14, A3, 0C, 50, 40, 00, E8, 89, FC, FF, FF, 8B, C8, 2B, 0D, 0C, 50, 40, 00, 6A, 03, 33, D2, 8B, C1, 5E, F7, F6, F7, C1, 00, 80, FF, FF, 0F, 85, 8E, 02, 00, 00, 33, C0, 33, FF, 89, BC, 24, 24, 09, 00, 00, 66, 89, 84, 24, 10, 05, 00, 00, 89, BC, 24, 0C, 05, 00, 00, 66, 89, 84, 24, F8, 00, 00, 00, E8, 45, FC, FF, FF, 8B, C8...
Developed / compiled with:
Microsoft Visual C++

Code size:
15 KB (15,360 bytes)

The file cpanel attacker.exe has been seen being distributed by the following URL.