embrd2k10b87.exe

The executable embrd2k10b87.exe has been detected as malware by 13 anti-virus scanners. The program is a setup application that uses the WinZip SFX installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from download1001.mediafire.com.
MD5:
50fe24c9ecb2890e36a56f4a6d883e1e

SHA-1:
1778467609d2e33b9066fa4b5332f5e21c785bb5

SHA-256:
12d8a0bd51b1da97fa432a4ff34f09cd86599ee4bda1d7d69e38190999a51b13

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
8/16/2018 6:35:33 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Backdoor.Hupigon
7.1.1

AVG
BackDoor.Hupigon5.BGDX.dropper
2016.0.3033

Comodo Security
Backdoor.Win32.Hupigon
21344

IKARUS anti.virus
Backdoor.Win32.Hupigon.BGDX
t3scan.1.8.6.0

Kingsoft AntiVirus
Win32.Troj.Hupigon.jz.(kcloud)
331020.49267

McAfee
Artemis!50FE24C9ECB2
5600.6689

McAfee Web Gateway
Artemis
7.6689

NANO AntiVirus
Trojan.Win32.Hupigon.bedlas
0.30.0.296

Norman
Hupigon.LWVE
11.20150729

Trend Micro House Call
PAK_Generic.005
7.2.210

Trend Micro
PAK_Generic.005
10.465.29

Vba32 AntiVirus
Backdoor.Hupigon
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
38254

File size:
17.2 MB (18,017,280 bytes)

File type:
Executable application (Win32 EXE)

Installer:
WinZip SFX

File PE Metadata
Compilation timestamp:
1/9/2001 9:09:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.10

CTPH (ssdeep):
393216:Nh9WOcA3A6FgZ/lGXLi4Jk4tqZ1Pv1tbc1meZ4HaIlTH:NhgOcNbG7i4Jk4qimekt1

Entry address:
0x3F8F

Entry point:
53, FF, 15, 4C, 70, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 74, 01, 40, 52, 50, 52, 52, FF, 15, 50, 70, 40, 00, 50, E8, 9E, F3, FF, FF, 50, FF, 15, 54, 70, 40, 00, 5B, C3, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 88, 94, 40, 00, 83, 0D, 00, 93, 40, 00, FF, 56, 33, F6, 39, 35, 40, 8E, 40, 00, 89, 35, 34, 94, 40, 00, 89, 35, 84, 94, 40, 00, A3, 24, 97, 40, 00, 75, 05, E8, 9D, D2, FF, FF...
 
[+]

Entropy:
7.9995

Packer / compiler:
WinZip, 0x32-bit SFX v8.x module

Code size:
21.5 KB (22,016 bytes)

The file embrd2k10b87.exe has been seen being distributed by the following URL.

Remove embrd2k10b87.exe - Powered by Reason Core Security