cpanel attacker.exe

WindowsApplication1

The executable cpanel attacker.exe has been detected as malware by 30 anti-virus scanners. It is a setup program used to install the application. The file has been seen downloaded from download2088.mediafire.com and multiple other hosts.

Publisher: Microsoft* (Invalid match)
Product: WindowsApplication1
Version: 1.0.0.0
MD5: fc4b8cea77d225045a89ccaa3ca1c59a
SHA-1: 454bed8bb35229233ba3e25ec26ad97107676ae6
SHA-256: 85f9d64770812ddaa94c44201347a6168f424edf16c6a81144bd2380150c8199
Scanner detections: 30 / 68
Status: Malware
Analysis date: 4/18/2024 5:19:39 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.527721 | 503 |
| Agnitum Outpost | Trojan.Reconyc | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Gen | 2015.09.19 |
| Avira AntiVirus | TR/Agent.15360.473 | 8.3.2.2 |
| Arcabit | Trojan.Kazy.D80D69 | 1.0.0.545 |
| avast! | Win32:Malware-gen | 2014.9-150919 |
| AVG | Pakes2_c | 2016.0.2981 |
| Baidu Antivirus | Trojan.Win32.Reconyc | 4.0.3.15919 |
| Bitdefender | Gen:Variant.Kazy.527721 | 1.0.20.1310 |
| Comodo Security | UnclassifiedMalware | 23262 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.527721 | 8.15.09.19.05 |
| ESET NOD32 | MSIL/TrojanDropper.Agent.BNW (variant) | 9.12277 |
| Fortinet FortiGate | W32/Reconyc.DJWN!tr | 9/19/2015 |
| F-Secure | Gen:Variant.Kazy.527721 | 11.2015-19-09_7 |
| G Data | Gen:Variant.Kazy.527721 | 15.9.25 |
| IKARUS anti.virus | Trojan.Win32.Reconyc | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.210.17267 |
| Kaspersky | Trojan.Win32.Reconyc | 14.0.0.1401 |
| Malwarebytes | Trojan.Agent.SVC | v2015.09.19.05 |
| McAfee | RDN/Generic Dropper | 5600.6637 |
| MicroWorld eScan | Gen:Variant.Kazy.527721 | 16.0.0.786 |
| NANO AntiVirus | Trojan.Win32.Reconyc.dlnpqx | 0.30.24.3283 |
| Panda Antivirus | Trj/CI.A | 15.09.19.05 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Reconyc.r4 | 9.15.14.00 |
| Sophos | Generic PUA HG (PUA) | 4.98 |
| Trend Micro | TROJ_GEN.R047C0EHN15 | 10.465.19 |
| Vba32 AntiVirus | Malware-Cryptor.MSIL.gen.5 | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43876 |
| Zillya! Antivirus | Trojan.Reconyc.Win32.6000 | 2.0.0.2403 |

File size: 835 KB (855,040 bytes)
Product version: 1.0.0.0
Copyright: Copyright © Microsoft 2014
Original file name: UniKeyNT_fake.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral

File PE Metadata

Compilation timestamp: 12/28/2014 6:18:23 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 24576:T3nN3HGRmRzjrv37NL50bvJaDLyDJfWMMxy1K9qiB:T3NZfrvto
Entry address: 0xC0D9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 5F, 3B, A0, 54, 00, 00, 00, 00, 02, 00, 00, 00, B5, 00, 00, 00, 1C, 20, 0C, 00, 1C, F2, 0B, 00, 52, 53...
 

Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 763.5 KB (781,824 bytes)

The file cpanel attacker.exe has been seen being distributed by the following 2 URLs.
