euuuuy.exe

denicherions exploratoire

tologue domiciliaires

The executable euuuuy.exe, “désigneraient dependrons mera”, has been detected as malware by 28 anti-virus scanners. It is set to start automatically when a user logs into Windows via the current-user Run registry key, under the display name ‘Euuuuy’. According to Microsoft Security Essentials, this Dorkbot IRC-based worm is designed to capture user names and passwords by intercepting your network traffic, and can block websites that are related to security updates. It can also be used to launch denial of service (DoS) attacks.
Publisher:
tologue domiciliaires

Product:
denicherions exploratoire

Description:
désigneraient dependrons mera

Version:
4.07.0008

MD5:
c2261f1ccc9534009061bc3173c7204d

SHA-1:
55448a298ced9e64b5ba07791e28d59631c2bd08

SHA-256:
aa8be74cc7c06b4e1891b6c101a39e5865bed1a623b3b7994d7f351b69851a1f

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/16/2024 8:06:48 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Backdoor.Ruskill | 7.1.1
AhnLab V3 Security | Backdoor/Win32.Ruskill | 2013.09.13
Avira AntiVirus | TR/Dropper.VB.Gen8 | 7.11.102.86
avast! | Win32:VBCrypt-BCM [Trj] | 2014.9-140922
AVG | BackDoor.Generic17 | 2015.0.3343
Baidu Antivirus | Backdoor.Win32.Ruskill | 4.0.3.14922
Bitdefender | Gen:Variant.Symmi.3596 | 1.0.20.1325
Comodo Security | UnclassifiedMalware | 16930
Dr.Web | Trojan.DownLoader7.9759 | 9.0.1.0265
Emsisoft Anti-Malware | Gen:Variant.Symmi.3596 | 8.14.09.22.12
ESET NOD32 | Win32/Injector.UCF (variant) | 8.8794
Fortinet FortiGate | W32/VBKrypt.MBSX!tr | 9/22/2014
G Data | Gen:Variant.Symmi.3596 | 14.9.22
IKARUS anti.virus | Backdoor.Win32.Ruskill | t3scan.2.0.127
K7 AntiVirus | Riskware | 13.172.9570
Kaspersky | Backdoor.Win32.Ruskill | 14.0.0.3212
Malwarebytes | Trojan.VBCrypt | v2014.09.22.12
McAfee | RDN/Generic BackDoor!rz | 5600.6999
Microsoft Security Essentials | Worm:Win32/Dorkbot.A | 1.163.1557.0
NANO AntiVirus | Trojan.Win32.Ruskill.bxxkrs | 0.26.0.54404
Norman | Troj_Generic.NDEDM | 11.20140922
nProtect | Backdoor/W32.Ruskill.602112 | 13.09.13.03
Panda Antivirus | Generic Malware | 14.09.22.12
Sophos | Mal/Generic-S | 4.91
Trend Micro House Call | TROJ_GEN.F0C2C0KGR13 | 7.2.265
Trend Micro | TROJ_GEN.F0C2C0KGR13 | 10.465.22
VIPRE Antivirus | Trojan.Win32.Generic | 21430
ViRobot | Backdoor.Win32.A.Ruskill.602112 | 2011.4.7.4223

File size:
588 KB (602,112 bytes)

Product version:
4.07.0008

Copyright:
touffere referme' assechan 1996

Trademarks:
anonnes asthe'ni

Original file name:
pa^tisser.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\euuuuy.exe

File PE Metadata
Compilation timestamp:
7/23/2012 4:14:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:FkupBqzxO+Rogs1Rk+8vBEoe1cqMcG6CeP1LvgFIu26ccLHcGUN74zt:H

Entry address:
0x109C

Entry point:
68, 04, 11, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, BC, 93, 55, 2E, C4, 16, 35, 47, 93, 38, DD, 50, 22, A5, BD, 70, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 72, 6B, 65, 6E, 69, 6E, 62, 6F, 6C, 73, 74, 65, 72, 65, 72, 73, 00, 37, 35, 32, 35, 34, 00, 00, 00, 00, 07, 00, 00, 00, EC, 41, 40, 00, 07, 00, 00, 00, A4, 41, 40, 00, 07, 00, 00, 00, 48, 41, 40, 00, 56, 42, 35, 21, 36, 26, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 7E, 00, 00, 00...
 

Entropy:
3.1572

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
440 KB (450,560 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Euuuuy

Command:
C:\users\{user}\appdata\roaming\euuuuy.exe

