granny_download.exe

granny_download

The executable granny_download.exe has been detected as malware by 9 anti-virus scanners. While running, it connects to the Internet address 195.34.13.149.zylom.net on port 443.
Product:
granny_download

Description:
granny_download

Version:
1, 0, 0, 1

MD5:
2fb48a52fd1f2b126ae18d49df022d4e

SHA-1:
617f55586c711c526937b2376e15a54c8224feaa

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
4/26/2024 1:12:57 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Dldr.Agent.fmgg | 7.11.4.52
IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.1.1.97.0
McAfee | Artemis!2FB48A52FD1F | 5600.6185
Norman | W32/Suspicious_Gen2.GTFJF | 11.20161214
Panda Antivirus | Suspicious file | 16.12.14.01
Quick Heal | TrojanDownloader.Agent.fmgg | 12.16.11.00
Trend Micro House Call | PAK_Generic.009 | 7.2.349
Trend Micro | PAK_Generic.009 | 10.465.14
Vba32 AntiVirus | TrojanDownloader.Agent.fmgg | 3.12.14.3

File size:
1.8 MB (1,936,385 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright © 2005

Original file name:
granny_download.exe

File type:
Executable application (Win32 EXE)

Language:
Polish

Common path:
C:\Program Files\sandlot\granny in paradise\granny_download.exe

File PE Metadata
Compilation timestamp:
2/16/2007 5:26:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x5630C3

Entry point:
89, 25, 04, 90, 99, 00, EB, 05, 6A, EB, 00, EB, 03, EB, FA, B8, 68, 0D, 31, 96, 00, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, EB, 05, EB, 04, EB, 04, 6A, EB, FB, 3C, EB, 02, C7, 05, EB, 01, BF, EB, 03, EB, 02, EB, EB, 01, EB, E9, 0E, 07, 00, 00, EB, 02, F7, 05, EB, 03, EB, F9, B3, 55, 89, E5, EB, 04, 6A, EB, F8, 3C, EB, 02, 83, F9, EB, 02, F7, 05, 8B, 45, 08, 8B, 00, EB, 03, A2, 7A, 89, 71, 05, 90, 8D, 3F, 70, 04, EB, 02, E9, CE, EB, 02, 80, FC, 3D, 03, 00, 00, 80, 75, 04, 31, C0, EB, 2B, 3D...

Entropy:
7.9433  (probably packed)

Code size:
536 KB (548,864 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to 195.34.13.149.zylom.net  (149.13.34.195:443)
