eoclient.exe

MD5:
2ec95c46260015c69044a1e44f151a46

SHA-1:
0d28bc40a4b7b94dfed399d39fedef92a4e4a31d

SHA-256:
355be4ff8348c3b193d85a665f08dbba9c3c9ca28629a3ecdc92fa8b16d8d486

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 7:27:44 AM UTC

Scan engine | Detection | Engine version
Comodo Security | UnclassifiedMalware | 17616
ESET NOD32 | probably unknown NewHeur_PE | 8.9295
IKARUS anti.virus | Virus.Win32.Trojan | t3scan.2.2.29
Trend Micro House Call | TROJ_GEN.F47V0707 | 7.2.50

File size:
1.3 MB (1,327,104 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\eor36b\eoclient.exe

File PE Metadata
Compilation timestamp:
11/29/1984 6:44:47 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:8hOHb32zFhJ+Y9Uw541LraTkJME2o0+kZPKgbvfIcoVZjWieAUrCD:8h9Rh1R54hraTkJME2o0+kZPKgbXIcqa

Entry address:
0x1000

Entry point:
A1, 63, 50, 4E, 00, C1, E0, 02, A3, 67, 50, 4E, 00, 57, 51, 33, C0, BF, 78, C8, 52, 00, B9, 04, F4, 5C, 00, 3B, CF, 76, 05, 2B, CF, FC, F3, AA, 59, 5F, 6A, 00, E8, 03, 64, 0D, 00, 59, 68, 2C, 50, 4E, 00, 6A, 00, E8, 4D, 30, 0E, 00, A3, 6B, 50, 4E, 00, 6A, 00, E9, DE, 1A, 0E, 00, E9, 08, 64, 0D, 00, 33, C0, A0, 58, 50, 4E, 00, C3, A1, 6B, 50, 4E, 00, C3, CC, B9, AC, 00, 00, 00, 0B, C9, 74, 39, 83, 3D, 63, 50, 4E, 00, 00, 73, 0A, B8, E2, 00, 00, 00, E8, E3, FF, FF, FF, 68, AC, 00, 00, 00, 6A, 40, E8, 55, 2E...
 

Entropy:
6.3490

Code size:
910.5 KB (932,352 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to h2059216.stratoserver.net  (81.169.152.91:18385)

Scan eoclient.exe - Powered by Reason Core Security