fdhxgf.exe

Skype.Ink

The executable fdhxgf.exe has been detected as malware by 22 anti-virus scanners. It runs as a scheduled task named scXca under the Windows Task Scheduler, triggered to execute each time a user logs in.

Publisher:
Skype.Ink

Product:
Skype.Ink

Version:
2.8.3.2

MD5:
92cf448971161a7dec4b9cbfc8871965

SHA-1:
f440313bfc813c376206d5d243379faf356ebfc6

SHA-256:
7fdb0ef8460c1c349e84a0f50d931f091a6b1e61fda5e952a122656f6d51eae0

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
4/19/2024 12:14:40 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.4585818
-40

AegisLab AV Signature
Troj.W32.Generic!c
2.1.4+

Avira AntiVirus
TR/Dropper.MSIL.nyeqs
8.3.3.4

Arcabit
Trojan.Generic.D45F95A
1.0.0.798

avast!
Win32:Trojan-gen
2014.9-170316

AVG
MSIL11
2018.0.2438

Baidu Antivirus
Win32.Trojan.WisdomEyes.16070401.9500
4.0.3.17316

Bitdefender
Trojan.GenericKD.4585818
1.0.20.375

Dr.Web
Trojan.DownLoader23.42497
9.0.1.075

Emsisoft Anti-Malware
Trojan.GenericKD.4585818
8.17.03.16.11

ESET NOD32
MSIL/Injector.RQE (variant)
11.15085

Fortinet FortiGate
MSIL/Injector.RQE!tr
3/16/2017

F-Secure
Trojan.GenericKD.4585818
11.2017-16-03_5

G Data
MSIL.Trojan.Injector.04LW5X
17.3.A:25.11175B:25.9080

K7 AntiVirus
Trojan
13.10.5.22706

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-1317

McAfee
Artemis!92CF44897116
5600.6094

Microsoft Security Essentials
Backdoor:Win32/Rescoms.B
1.1.13504.0

MicroWorld eScan
Trojan.GenericKD.4585818
18.0.0.225

Qihoo 360 Security
HEUR/QVM03.0.C455.Malware.Gen
1.0.0.1120

Rising Antivirus
Trojan.Injector!8.C4 (cloud:UFaBRtZXokC)
23.00.65.17314

Sophos
Mal/Generic-S
4.98

File size:
200 KB (204,800 bytes)

Product version:
2.8.3.2

Copyright:
Copyright @ 2017

Original file name:
ercuArSa.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\fdhxgf.exe

File PE Metadata
Compilation timestamp:
3/13/2017 12:05:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x2645E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.0896

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
148 KB (151,552 bytes)

Scheduled Task
Task name:
scXca

Path:
\Update\scXca

Trigger:
Logon (Runs on logon)

