Havij.exe

Havij

ITSecTeam

The executable Havij.exe, described in its version resource as “Advanced SQL Injection Tool”, is flagged by 16 of 68 anti-virus scanners. Most of those detections name it as a hack tool, riskware or potentially unwanted application (HackTool.Win32.SQLInject, HKTL_SQLINJECT, Generic PUA, Riskware) rather than as a trojan, which is the usual classification for a dual-use offensive-security tool; only three engines use a trojan name. The file is typically installed with the program Havij 1.15 Free by ITSecTeam. While running, it has been observed making plain HTTP (port 80) connections to a number of web servers, for example server.locadatacenter1.com. Havij is driven against a user-supplied target URL, so the hosts it contacts in a sandbox should be read as the targets entered in that run rather than assumed to be a fixed command-and-control address; the full list of observed destinations is given under network communications below.
Publisher:
ITSecTeam

Product:
Havij

Description:
Advanced SQL Injection Tool

Version:
1.15

MD5:
5dce7f54dcf627e83cefb2dbe8a037d6

SHA-1:
35d0e1c186c32822c8f72550749928fe7d58e94a

SHA-256:
bbc05fda2667ea14c4cb557aa985936520eeae1ef5134f7e6c28d891cb843fc5

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/25/2024 1:12:01 AM UTC
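The hashes above are the only reliable way to tell whether a file on disk is this exact Havij.exe build, since the product name, version string and icon are trivial to change. The following is an added example, not code from the page or from ITSecTeam: it reads a file once, feeds every chunk to MD5, SHA-1 and SHA-256 simultaneously, and compares the digests with the indicators listed on this page. The indicator values and the 1,744,896-byte size are copied from the page; the function names and the verdict wording are my own.

```python
"""Hash a file once and compare the digests with the Havij.exe indicators above.

Added example, not part of the original page. Indicator values are copied from
the page; function names and verdict strings are this example's own choices.
"""
import hashlib
import io
import sys
from typing import Any, BinaryIO, Dict, Set

# Indicators for Havij.exe 1.15 as listed on this page.
HAVIJ_IOCS: Dict[str, str] = {
    "md5": "5dce7f54dcf627e83cefb2dbe8a037d6",
    "sha1": "35d0e1c186c32822c8f72550749928fe7d58e94a",
    "sha256": "bbc05fda2667ea14c4cb557aa985936520eeae1ef5134f7e6c28d891cb843fc5",
}
HAVIJ_SIZE = 1_744_896  # bytes, from the "File size" field on the page


def hash_stream(fp: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, Any]:
    """Read the stream once and update all three digests per chunk.

    Returns hex digests keyed by algorithm name plus the byte count as "size",
    so a 1.7 MB sample is not read three times.
    """
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    size = 0
    while True:
        chunk = fp.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for d in digests.values():
            d.update(chunk)
    result: Dict[str, Any] = {name: d.hexdigest() for name, d in digests.items()}
    result["size"] = size
    return result


def hash_bytes(data: bytes) -> Dict[str, Any]:
    """Convenience wrapper for in-memory data (used for offline testing)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> Dict[str, Any]:
    with open(path, "rb") as fp:
        return hash_stream(fp)


def matching_indicators(hashes: Dict[str, Any], iocs: Dict[str, str] = HAVIJ_IOCS) -> Set[str]:
    """Names of the algorithms whose digest equals the indicator.

    Comparison is case-insensitive because different reports print hex in
    different cases.
    """
    return {
        name
        for name, expected in iocs.items()
        if name in hashes and str(hashes[name]).lower() == expected.lower()
    }


def verdict(hashes: Dict[str, Any]) -> str:
    """Turn the set of matching algorithms into an analyst-facing verdict."""
    matched = matching_indicators(hashes)
    if "sha256" in matched:
        return "exact match: Havij.exe 1.15 as catalogued on this page"
    if matched:
        # MD5 and SHA-1 are both collision-prone; a match on one of them alone
        # is worth a look but is not a positive identification.
        return f"partial match on {sorted(matched)}; verify SHA-256 before acting"
    return "no match"


if __name__ == "__main__":
    for path in sys.argv[1:]:
        h = hash_file(path)
        size_note = "" if h["size"] == HAVIJ_SIZE else f" (size {h['size']} differs from {HAVIJ_SIZE})"
        print(f"{path}: {verdict(h)}{size_note}")
```

Run it as `python havij_check.py <file>`; the size comparison is a cheap pre-filter, but only the SHA-256 match should be treated as identification.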

Scan engine               Detection                         Engine version
Agnitum Outpost           HackTool.SQLInject                7.1.1
Avira AntiVirus           SPR/SQLInject.fh.1                7.11.121.80
Baidu Antivirus           HackTool.Win32.SQLInject          4.0.3.131223
Bkav FE                   W32.Clodf35.Trojan                1.3.0.4613
Clam AntiVirus            WIN.Trojan.Agent-248592           0.98/18355
IKARUS anti.virus         HackTool.Win32.SQLInject          t3scan.2.2.29
K7 AntiVirus              Riskware                          13.174.10588
Kaspersky                 HackTool.Win32.SQLInject          14.0.0.4577
Norman                    Suspicious_Gen4.DOMMN             11.20131223
nProtect                  Trojan/W32.HackTool.1744896.B     13.12.22.01
Reason Heuristics         Unnamed.Threat.27                 14.3.3.12
Sophos                    Generic PUA DF                    4.96
Trend Micro House Call    HKTL_SQLINJECT                    7.2.357
Trend Micro               HKTL_SQLINJECT                    10.465.23
VIPRE Antivirus           Trojan.Win32.Generic              24624
ViRobot                   JS.A.Iframe.1744896.A             2011.4.7.4223

Note that the engine versions listed (for example Norman 11.20131223 and Baidu 4.0.3.131223) are from late December 2013, so these detections reflect the signature sets of that time rather than the analysis date shown above. Ten of the sixteen names are hack-tool, riskware or PUA classifications; two (Norman, Reason Heuristics) are generic heuristics, three use a trojan name, and the ViRobot name (JS.A.Iframe) does not describe this file at all.
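A raw "16 / 68" count hides the fact that most engines call this a hack tool rather than a trojan. The block below is an added example, not code from the page or from ITSecTeam: it normalises the detection names in the table above into a handful of classes and summarises what the hits actually say, which is the first step of triage for any dual-use tool. The rows are a constructed copy of the page's table; the class names, keyword rules and verdict strings are my own choices, and the order of the rules matters (a name such as Trojan/W32.HackTool.1744896.B is counted as a hack-tool detection because that rule is checked first).

```python
"""Summarise the per-engine detection names for Havij.exe by class.

Added example, not part of the original page. Rows are copied from the page's
scanner table; class labels and keyword rules are this example's own.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# (engine, detection name) as listed on this page; constructed copy for offline use.
HAVIJ_DETECTIONS: List[Tuple[str, str]] = [
    ("Agnitum Outpost", "HackTool.SQLInject"),
    ("Avira AntiVirus", "SPR/SQLInject.fh.1"),
    ("Baidu Antivirus", "HackTool.Win32.SQLInject"),
    ("Bkav FE", "W32.Clodf35.Trojan"),
    ("Clam AntiVirus", "WIN.Trojan.Agent-248592"),
    ("IKARUS anti.virus", "HackTool.Win32.SQLInject"),
    ("K7 AntiVirus", "Riskware"),
    ("Kaspersky", "HackTool.Win32.SQLInject"),
    ("Norman", "Suspicious_Gen4.DOMMN"),
    ("nProtect", "Trojan/W32.HackTool.1744896.B"),
    ("Reason Heuristics", "Unnamed.Threat.27"),
    ("Sophos", "Generic PUA DF"),
    ("Trend Micro House Call", "HKTL_SQLINJECT"),
    ("Trend Micro", "HKTL_SQLINJECT"),
    ("VIPRE Antivirus", "Trojan.Win32.Generic"),
    ("ViRobot", "JS.A.Iframe.1744896.A"),
]

# Ordered rules: the first class whose keyword appears in the lower-cased name wins.
# "spr/" is Avira's security-or-privacy-risk prefix; "hktl" is Trend Micro's hack-tool prefix.
CLASS_RULES: List[Tuple[str, Tuple[str, ...]]] = [
    ("hacktool",     ("hacktool", "hktl", "sqlinject")),
    ("pua/riskware", ("pua", "riskware", "spr/", "unwanted")),
    ("trojan",       ("trojan",)),
    ("heuristic",    ("suspicious", "heur", "gen4", "unnamed", "generic")),
]


def classify(name: str) -> str:
    """Map a vendor detection name to one of the classes above, or "other"."""
    lowered = name.lower()
    for label, needles in CLASS_RULES:
        if any(needle in lowered for needle in needles):
            return label
    return "other"


def summarise(rows: List[Tuple[str, str]], engines_total: int = 68) -> Dict[str, object]:
    """Count hits per class and decide whether the consensus is 'tool' or 'malware'.

    tool_like counts hack-tool plus PUA/riskware names; the verdict compares that
    with the number of trojan names, which is the question an analyst asks first.
    """
    counts: Counter = Counter(classify(name) for _, name in rows)
    engines_by_class: Dict[str, List[str]] = defaultdict(list)
    for engine, name in rows:
        engines_by_class[classify(name)].append(engine)
    tool_like = counts["hacktool"] + counts["pua/riskware"]
    return {
        "hits": len(rows),
        "engines": engines_total,
        "by_class": dict(counts),
        "engines_by_class": dict(engines_by_class),
        "tool_like": tool_like,
        "trojan_like": counts["trojan"],
        "verdict": "dual-use tool" if tool_like > counts["trojan"] else "review as malware",
    }


if __name__ == "__main__":
    summary = summarise(HAVIJ_DETECTIONS)
    print(f"{summary['hits']}/{summary['engines']} engines, verdict: {summary['verdict']}")
    for label, engines in summary["engines_by_class"].items():  # type: ignore[union-attr]
        print(f"  {label:13s} {len(engines):2d}  {', '.join(engines)}")
```

For this table the output groups eight hack-tool names, two PUA/riskware names, three trojan names, two heuristics and one unrelated name, so the consensus is a dual-use tool; the same routine applied to a report dominated by trojan and backdoor names would flip the verdict.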

File size:
1.7 MB (1,744,896 bytes)

Product version:
1.15

Copyright:
Copyright © 2009-2011

Trademarks:
ITSecTeam

Original file name:
Havij.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\havij 1.15 - advanced sql injection\havij.exe

File PE Metadata
Compilation timestamp:
6/22/2011 10:52:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:0yz+HhpV2bP6WRvz7TSdMzLOE7PjArataCYwfnLr593J4QL9DJN:09HvV4P6ATSdMzLOE7PjdaNwZ93J4A

Entry address:
0x792C

Entry point:
68, CC, 2A, 42, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 37, 46, 86, FD, 5D, 97, 0F, 47, BF, 9F, 4B, 91, C8, 41, B2, 2A, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 40, 00, D8, C0, 40, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 08, 10, 57, 03, 00, 00, 00, 00, 20, 37, 40, 01, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 06, 00, 00, 00, 7D, 01, 48, 6E, 8C, 11, 1B, 42, AE, 97, F6, 70, 3C, B0, E6, 64, 01, 00, 00, 00, A0, 00, 00, 00...

Entropy:
5.8409

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
1.6 MB (1,699,840 bytes)
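The first ten bytes of the entry-point dump above, 68 CC 2A 42 00 E8 EE FF FF FF, decode to push 0x00422ACC followed by a call with a relative displacement of -0x12, and the literal "Project1" (the default Visual Basic project name) appears sixty bytes in. That push-then-short-backwards-call is the classic Visual Basic 5/6 runtime stub, which corroborates the "Developed / compiled with" field. The following is an added example, not code from the page or from ITSecTeam: it parses the page's byte listing, decodes the two instructions and applies the stub check. The byte text is a constructed copy of the listing; the assumptions are that the listed entry address 0x792C is an RVA (the page does not say whether it is an RVA or a file offset, which only shifts the absolute call target) and that the image base is the Visual Basic default of 0x400000.

```python
"""Decode the entry-point byte dump above and test for the VB5/6 runtime stub.

Added example, not part of the original page. ENTRY_BYTES_TEXT is a copy of
the first 72 bytes of the page's listing; ENTRY_RVA and the image base are
assumptions stated in the comments.
"""
from typing import Dict, Optional

# First 72 bytes of the "Entry point" listing on this page (constructed copy).
ENTRY_BYTES_TEXT = (
    "68, CC, 2A, 42, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, "
    "40, 00, 00, 00, 00, 00, 00, 00, 37, 46, 86, FD, 5D, 97, 0F, 47, BF, 9F, 4B, 91, "
    "C8, 41, B2, 2A, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 40, 00, D8, C0, 40, 00, "
    "50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00"
)
ENTRY_RVA = 0x792C          # "Entry address" from the page; assumed here to be an RVA
DEFAULT_IMAGE_BASE = 0x400000  # assumption: the usual default for VB executables


def parse_byte_list(text: str) -> bytes:
    """Turn the page's 'XX, YY, ...' listing (optionally ending in '...') into bytes."""
    return bytes(int(tok, 16) for tok in text.replace("...", "").split(",") if tok.strip())


def decode_vb_stub(code: bytes, entry_rva: int) -> Optional[Dict[str, int]]:
    """Decode 'push imm32; call rel32' at the entry point.

    Returns the pushed operand, the signed displacement and the call target
    (rel32 is relative to the end of the 5-byte call, i.e. entry + 10), or
    None if the bytes are not that two-instruction sequence.
    """
    if len(code) < 10 or code[0] != 0x68 or code[5] != 0xE8:
        return None
    push_imm = int.from_bytes(code[1:5], "little")
    rel32 = int.from_bytes(code[6:10], "little", signed=True)
    return {"push_imm": push_imm, "rel32": rel32, "call_target": entry_rva + 10 + rel32}


def looks_like_vb(code: bytes, entry_rva: int, image_base: int = DEFAULT_IMAGE_BASE) -> bool:
    """VB5/6 stub heuristic: push of an in-image absolute pointer (the VB header),
    then a short backwards call to the import thunk that sits just before the entry."""
    decoded = decode_vb_stub(code, entry_rva)
    if decoded is None:
        return False
    in_image = image_base <= decoded["push_imm"] < image_base + 0x1000000
    short_backwards = -0x100 < decoded["rel32"] < 0
    return in_image and short_backwards


def describe(code: bytes, entry_rva: int) -> str:
    decoded = decode_vb_stub(code, entry_rva)
    if decoded is None:
        return "entry point is not a push/call stub"
    marker = code.find(b"Project1")
    note = f", 'Project1' at +{marker}" if marker >= 0 else ""
    return (
        f"push 0x{decoded['push_imm']:08X}; call {decoded['rel32']:+#x} "
        f"-> RVA 0x{decoded['call_target']:X}{note}; VB stub: {looks_like_vb(code, entry_rva)}"
    )


if __name__ == "__main__":
    print(describe(parse_byte_list(ENTRY_BYTES_TEXT), ENTRY_RVA))
```

For the listing above this prints the push of 0x00422ACC (RVA 0x22ACC under the assumed image base, well inside a 1.7 MB image) and a call to RVA 0x7924, eight bytes before the entry point, which is where the jmp through the import table to the VB runtime's ThunRTMain normally sits in VB6 binaries.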

The file Havij.exe has been discovered within the following program.

Havij 1.15 Free  by ITSecTeam
ITSecTeam.com
About 6% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments. All of them are plain HTTP to port 80, and the destinations are ordinary web servers, many of them at shared hosting providers. Because Havij is run against a user-supplied target URL, these hosts are best read as the sites the tool was pointed at in each observed session rather than as infrastructure belonging to the tool; blocking them would achieve little, and detection of Havij use normally belongs on the web-server side (web application firewall or IDS rules for its injection requests) or in outbound proxy logs from the workstation running it.

Protocol     Host                                                Address
TCP (HTTP)   web1409.kinghost.net                                177.185.192.110:80
TCP (HTTP)   web-php5.mydns.net.nz                               119.47.114.165:80
TCP (HTTP)   redshieldindustries.com                             43.229.129.13:80
TCP (HTTP)   server41.donhost.co.uk                              81.21.75.28:80
TCP (HTTP)   server.locadatacenter1.com                          107.190.132.242:80
TCP (HTTP)   php5.web4u.cz                                       81.91.86.11:80
TCP (HTTP)   nesher.dmz.biu.ac.il                                132.70.196.38:80
TCP (HTTP)   linweb7.nedlook.com                                 62.212.150.70:80
TCP (HTTP)   jet.tyco.co.il                                      80.179.226.37:80
TCP (HTTP)   cprohostinglin0550.arquimedes.locaweb.com.br        186.202.59.124:80
TCP (HTTP)   arvandus.ch-meta.net                                80.74.139.2:80
TCP (HTTP)   animalpak.com                                       208.71.19.120:80
TCP (HTTP)   a92-122-68-30.deploy.akamaitechnologies.com         92.122.68.30:80
TCP (HTTP)   4g.controloye.com                                   108.61.59.149:80
TCP (HTTP)   226.201-140-105.bestel.com.mx                       201.140.105.226:80
TCP (HTTP)   177-22-95-58.triway.net.br                          177.22.95.58:80

Powered by Reason Core Security