f6772b7dadc908777a4deb62bd4ce5e0.exe

The executable f6772b7dadc908777a4deb62bd4ce5e0.exe has been detected as malware by 9 anti-virus scanners.
Version:
2.37.2.28

MD5:
e10ccc202f802e60a606674a0853858b

SHA-1:
b8418217837d1e924db6eccb39352bc2b9e4bad7

SHA-256:
20e588f8b2fb061206e80bd489c7d5becd57e1c1a9bb978423b5753bfe41ef4b

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
5/9/2024 12:54:19 PM UTC

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Gen:Variant.Kazy.759591                442
Arcabit                  Trojan.Kazy.DB9727                     1.0.0.585
Bitdefender              Gen:Variant.Kazy.759591                1.0.20.1615
Emsisoft Anti-Malware    Gen:Variant.Kazy.759591                8.15.11.19.03
F-Secure                 Gen:Variant.Kazy.759538                11.2015-19-11_5
G Data                   Gen:Variant.Kazy.759591                15.11.25
Kaspersky                UDS:DangerousObject.Multi.Generic      14.0.0.1097
MicroWorld eScan         Gen:Variant.Kazy.759591                16.0.0.969
Rising Antivirus         PE:Malware.RDM.32!5.26[F1]             23.00.65.151015

File size:
305.5 KB (312,832 bytes)

Product version:
2.37.2.28

Original file name:
OK8OMH.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\f6772b7dadc908777a4deb62bd4ce5e0.exe

File PE Metadata
Compilation timestamp:
10/16/2015 11:13:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:DNr7mn4X+yE0J2JH+sKFDzfP/EwVIhDQlo6O1OqwSAW:DNnmnvyvJ2MsKRfz+hKoN8E

Entry address:
0x4DBDE


Entropy:
4.9140

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
303 KB (310,272 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to coccoc.com  (123.30.175.56:443)

TCP (HTTP):
Connects to ec2-23-21-139-158.compute-1.amazonaws.com  (23.21.139.158:80)

TCP (HTTP):
Connects to cdn-203-77-188-253.hkg.llnw.net  (203.77.188.253:80)

TCP (HTTP):
Connects to hn.vtc.vn  (117.103.197.90:80)

TCP (HTTP):
Connects to ec2-54-235-149-64.compute-1.amazonaws.com  (54.235.149.64:80)

TCP (HTTP SSL):
Connects to ec2-174-129-255-167.compute-1.amazonaws.com  (174.129.255.167:443)

TCP (HTTP SSL):
Connects to d.v.dropbox.com  (108.160.172.193:443)

TCP (HTTP):
Connects to cdn-203-77-188-254.hkg.llnw.net  (203.77.188.254:80)

TCP (HTTP SSL):
Connects to WIN-MGIB0IP4L15  (123.31.47.32:443)

TCP (HTTP SSL):
Connects to server-52-85-151-104.hkg51.r.cloudfront.net  (52.85.151.104:443)

TCP (HTTP):
Connects to ec2-23-21-119-84.compute-1.amazonaws.com  (23.21.119.84:80)

TCP (HTTP):
Connects to d117155147.ppp117155.cyberway.com.sg  (203.117.155.147:80)

TCP (HTTP SSL):
Connects to bam-8.nr-data.net  (162.247.242.20:443)

TCP (HTTP):
Connects to ec2-54-197-251-114.compute-1.amazonaws.com  (54.197.251.114:80)

TCP (HTTP):
Connects to ec2-50-17-220-153.compute-1.amazonaws.com  (50.17.220.153:80)

TCP (HTTP SSL):
Connects to static.vnpt.vn  (123.30.210.149:443)

TCP (HTTP SSL):
Connects to server-52-85-151-77.hkg51.r.cloudfront.net  (52.85.151.77:443)

TCP (HTTP SSL):
Connects to server-52-85-151-242.hkg51.r.cloudfront.net  (52.85.151.242:443)

TCP (HTTP SSL):
Connects to server-52-85-151-20.hkg51.r.cloudfront.net  (52.85.151.20:443)

TCP (HTTP SSL):
Connects to server-52-85-151-151.hkg51.r.cloudfront.net  (52.85.151.151:443)
