elysian.exe

Microsoft .NET Framework

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The executable elysian.exe, which carries the description “System.DirectoryServices.dll”, has been detected as malware by 24 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fs09n1.sendspace.com.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® .NET Framework

Description:
System.DirectoryServices.dll

Version:
2.0.50727.8007

MD5:
f2260aa843d4c0177b792471e598a138

SHA-1:
5aab2c2a9a4bbbe26b6947108b7c85f320e6ebaf

SHA-256:
4adcb93ea10596f76034266e5d5dbccd09bdff0a6c85e41573ee491b8be8514f

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
4/24/2024 5:59:20 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.593005 | 393 |
| Agnitum Outpost | Trojan.Comet.Gen.LO | 7.1.1 |
| Arcabit | Trojan.Kazy.D90C6D | 1.0.0.642 |
| avast! | MSIL:GenMalicious-CHX [Trj] | 2014.9-160108 |
| AVG | BackDoor.PoisonIvy | 2017.0.2871 |
| Bitdefender | Gen:Variant.Kazy.593005 | 1.0.20.40 |
| Dr.Web | Trojan.Inject1.45089 | 9.0.1.08 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.593005 | 8.16.01.08.07 |
| ESET NOD32 | MSIL/Injector.IXW (variant) | 10.12825 |
| Fortinet FortiGate | MSIL/Injector.IXW!tr | 1/8/2016 |
| F-Secure | Gen:Variant.Kazy.593005 | 11.2016-08-01_6 |
| G Data | Gen:Variant.Kazy.593005 | 16.1.25 |
| IKARUS anti.virus | Trojan.MSIL.Injector | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.212.18331 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.849 |
| Microsoft Security Essentials | Backdoor:Win32/Fynloski | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Kazy.593005 | 17.0.0.24 |
| NANO AntiVirus | Trojan.Win32.Inject1.dzmqge | 1.0.14.5380 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1077 |
| Rising Antivirus | PE:Backdoor.Pontoeb!1.6637 [F] | 23.00.65.16106 |
| Sophos | Troj/MSIL-EZN | 4.98 |
| Trend Micro | TROJ_GEN.R047C0RA516 | 10.465.08 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46298 |
| ViRobot | Trojan.Win32.Z.Injector.290716.C[h] | 2014.3.20.0 |

File size:
283.9 KB (290,716 bytes)

Product version:
2.0.50727.8007

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
elysian.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\elysian.exe

File PE Metadata
Compilation timestamp:
1/4/2016 8:43:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:/g1mHAUD33529asrRWhsJehNolJWWt7ovtIweYU0sxgxgQkC:/gCAi3M9asN4xh2PoGCrsx4gQkC

Entry address:
0x44ECE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.8500

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
268 KB (274,432 bytes)

The file elysian.exe has been seen being distributed by the following URL.
