hdd regenerator.exe

The executable hdd regenerator.exe has been detected as malware by 18 anti-virus scanners. While running, it connects to the Internet address uvds75.valuehost.ru on port 80 using the HTTP protocol.
MD5: eebed345ee797d6cabb2b5a383ec009f

SHA-1: 4bda938a3d0b658c1b0292aeb61fe399edfd35e1

SHA-256: 72029bb1bde1e9f79166cbb884efe3023efa67cfaff839a87b8d0a3a98939964

Scanner detections: 18 / 68

Status: Malware

Analysis date: 4/19/2024 4:55:06 PM UTC

Scan engine               Detection                       Engine version
Lavasoft Ad-Aware         Trojan.Generic.KDV.404767       819
AVG                       Dropper.Agent                   2015.0.3297
Baidu Antivirus           Trojan.Win32.Dropper            4.0.3.14118
Bitdefender               Trojan.Generic.KDV.404767       1.0.20.1560
Bkav FE                   HW32.Packed                     1.3.0.6185
Emsisoft Anti-Malware     Trojan.Generic.KDV.404767       8.14.11.08.03
F-Prot                    W32/Backdoor!5c0e               v6.4.7.1.166
F-Secure                  Trojan.Generic.KDV.404767       11.2014-08-11_7
G Data                    Trojan.Generic.KDV.404767       14.11.24
IKARUS anti.virus         Trojan-Dropper.Agent            t3scan.1.8.3.0
McAfee                    Artemis!EEBED345EE79            5600.6953
MicroWorld eScan          Trojan.Generic.KDV.404767       15.0.0.936
Norman                    Agent.AANDA                     11.20141108
nProtect                  Trojan.Generic.KDV.404767       14.10.31.01
Trend Micro House Call    TROJ_SPNR.0BAG14                7.2.312
Trend Micro               TROJ_SPNR.0BAG14                10.465.08
VIPRE Antivirus           Trojan-Dropper.Win32.Agent      34424
Zillya! Antivirus         Dropper.Agent.Win32.63835       2.0.0.1973

File size: 795.3 KB (814,382 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\downloads\hd regeneretor\hdd regenerator by colodelmolina\crack\hdd regenerator.exe

File PE Metadata

Compilation timestamp: 8/1/2004 5:01:04 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 6.0

CTPH (ssdeep): 24576:zM1TiH3F5Grw6/AyPlMXUyCpBLyvoOAgQ:z6iXF5G91KjCpBeAOAgQ

Entry address: 0x82AB33

Entry point: E8, 00, 00, 00, 00, 60, E8, 4F, 00, 00, 00, 92, F7, 00, 97, 44, EF, 46, 33, 67, 3D, FD, 57, 48, 8E, 85, 33, C5, BB, C9, FE, 3C, 61, 54, B7, 7E, AD, 4B, 10, B3, FF, C7, E9, A0, 72, 2E, 0E, 1C, 2D, C1, 98, B4, 6E, FD, 54, A0, 6C, 26, 6D, 04, 77, 6B, 3F, 41, 14, CD, C1, B0, 0C, CD, C5, 9C, D3, A5, F1, E9, 1A, 6D, 00, 00, E9, 2E, 6D, 00, 00, E9, 29, 6D, 00, 00, E8, 6E, FB, FF, FF, 6E, 00, 01, 00, 05, 99, 00, 00, 55, 59, 58, 32, 90, 7E, D1, 56, 9A, 65, 74, 56, 87, 68, 91, AF, 97, C6, D0, BD, D0, C6, 69, 65, FE...

Packer / compiler: MoleBox v2.0

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP): Connects to uvds75.valuehost.ru (217.112.43.73:80)

Remove hdd regenerator.exe - Powered by Reason Core Security