» folkanjekyrw.exe
Overview
Analysis
File Details
Behaviors (1)
Network (17)

folkanjekyrw.exe

Aqeare

The executable folkanjekyrw.exe has been detected as malware by 37 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘folkanjekyrw’. While running, it connects to the Internet address ip-184-168-221-11.ip.secureserver.net on port 80 using the HTTP protocol.

File name:

folkanjekyrw.exe

Publisher:

Aqeare (signed and verified)

MD5:

6ab2c594497a0d6fba627ee7dbcbb92e

SHA-1:

51c15e7a972b26b644330139329bf3e68563f368

SHA-256:

cf50530874fb941bcdf67415ecbc7dc43f689f5239769216668e69c9f60680c0

Scanner detections:

37 / 68

Status:

Malware

Analysis date:

4/18/2024 7:35:02 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.KDV.744533

361

Agnitum Outpost

Trojan.Wigon

7.1.1

AhnLab V3 Security

Win-Trojan/Pushdo.35768

2015.07.28

Avira AntiVirus

TR/Small.A.42

8.3.1.6

Arcabit

Trojan.Generic.KDV.DB5C55

1.0.0.425

avast!

Win32:Downloader-QSF [Trj]

2014.9-160208

AVG

Dropper.Generic6

2017.0.2839

Baidu Antivirus

Backdoor.Win32.Pushdo

4.0.3.1628

Bitdefender

Trojan.Generic.KDV.744533

1.0.20.195

Comodo Security

UnclassifiedMalware

22874

Dr.Web

Trojan.DownLoader6.62576

9.0.1.039

ESET NOD32

Win32/Wigon.PB

10.12000

Fortinet FortiGate

W32/Pushdo.P!tr.bdr

2/8/2016

F-Prot

W32/Trojan2.NTQJ

v6.4.7.1.166

F-Secure

Trojan.Generic.KDV.744533

11.2016-08-02_2

G Data

Trojan.Generic.KDV.744533

16.2.25

IKARUS anti.virus

Backdoor.Win32.Pushdo

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.207.16692

Kaspersky

Backdoor.Win32.Pushdo

14.0.0.692

Malwarebytes

Trojan.Ransom.Gen

v2016.02.08.01

McAfee

PWS-Zbot.gen.apy

5600.6495

Microsoft Security Essentials

TrojanDownloader:Win32/Cutwail.BV

1.1.11903.0

MicroWorld eScan

Trojan.Generic.KDV.744533

17.0.0.117

NANO AntiVirus

Trojan.Win32.Wigon.yqsxh

0.30.24.2668

nProtect

Trojan/W32.Small.35768

15.07.27.01

Panda Antivirus

Trj/OCJ.A

16.02.08.01

Qihoo 360 Security

HEUR/Malware.QVM20.Gen

1.0.0.1015

Quick Heal

Trojan.Small.rw5

2.16.14.00

Rising Antivirus

PE:Trojan.Win32.Generic.1330280B!321923083

23.00.65.16206

Sophos

Mal/Generic-L

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Malfem

9336

Total Defense

Win32/Tnega.AQOQ

37.1.62.1

Trend Micro House Call

TROJ_SPNR.0BJ212

7.2.39

Trend Micro

TROJ_SPNR.0BJ212

10.465.08

Vba32 AntiVirus

Backdoor.Pushdo

3.12.26.4

VIPRE Antivirus

Trojan-Downloader.Win32.Cutwail.bx

42376

ViRobot

Backdoor.Win32.A.Pushdo.35768[h]

2014.3.20.0

File size:

34.9 KB (35,768 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\user\folkanjekyrw.exe

Digital Signature

Signed by:

Aqeare

Authority:

Aqeare

Valid from:

12/31/2010 3:00:00 PM

Valid to:

12/31/2039 5:59:59 PM

Subject:

CN=Aqeare

Issuer:

CN=Aqeare

Serial number:

EB2DC79B7906D3B2404850553DA08396

File PE Metadata

Compilation timestamp:

2/26/2008 1:59:09 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.12

CTPH (ssdeep):

768:omNv3ZMQQR816OOPxxtOv3EhJ8/+qLJYPVXXA:RppMQQn5xHJ8Gq1YPRQ

Entry address:

0x24D4

Entry point:

E8, 49, 00, 00, 00, A3, BE, 42, 00, 0A, 6A, 00, E8, 43, 00, 00, 00, A3, 6C, 40, 00, 0A, E8, 2D, 00, 00, 00, A3, BA, 42, 00, 0A, 6A, 0A, FF, 35, BA, 42, 00, 0A, 6A, 00, FF, 35, 6C, 40, 00, 0A, E8, 42, FA, FF, FF, CC, FF, 25, 24, 30, 00, 0A, FF, 25, 20, 30, 00, 0A, FF, 25, 1C, 30, 00, 0A, FF, 25, 10, 30, 00, 0A, FF, 25, 00, 30, 00, 0A, FF, 25, 14, 30, 00, 0A, FF, 25, 0C, 30, 00, 0A, FF, 25, 08, 30, 00, 0A, FF, 25, 04, 30, 00, 0A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.4790

Code size:

5.5 KB (5,632 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

folkanjekyrw

Command:

C:\users\user\folkanjekyrw.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to manage.embarq.synacor.com (69.168.97.85:80)

TCP (SMTP):

Connects to ip-50-63-202-56.ip.secureserver.net (50.63.202.56:25)

TCP (SMTP):

Connects to www.terra.com (208.70.188.57:25)

TCP (HTTP):

Connects to www.nettally.com (199.44.82.1:80)

TCP (HTTP):

Connects to web-portal-cdn.terra.com.br (208.84.244.116:80)

TCP (HTTP):

Connects to w2.src.vip.ir2.yahoo.com (77.238.184.150:80)

TCP (HTTP):

Connects to spool.lnh.mail.rcn.net (207.172.157.181:80)

TCP (HTTP):

Connects to phx1-sha-redirect-lb.cnet.com (64.30.224.118:80)

TCP (HTTP):

Connects to mytmobile.info (206.29.177.12:80)

TCP (HTTP):

Connects to mail.vail.net (65.38.128.10:80)

TCP (HTTP):

Connects to ip-184-168-221-11.ip.secureserver.net (184.168.221.11:80)

TCP (HTTP):

Connects to freedomfordinc.com (67.192.6.123:80)

TCP (HTTP):

Connects to ec2-23-23-169-30.compute-1.amazonaws.com (23.23.169.30:80)

TCP (HTTP):

Connects to cloud8.nccn.net (162.242.144.102:80)

TCP (HTTP):

Connects to ash.parking.local (69.64.147.249:80)

TCP (HTTP):

Connects to 206.192.6.200.intelnet.net.gt (200.6.192.206:80)

TCP (HTTP):

Connects to mtsdatacentres.com (199.27.222.110:80)

Remove folkanjekyrw.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.