hh.exe

The executable hh.exe has been detected as malware by 30 anti-virus scanners. It is a setup program used to install the application. This backdoor trojan may be used to conduct distributed denial-of-service attacks, to install additional trojans or other forms of malicious software, and to steal sensitive information. The file has been seen being downloaded from www.petit-fichier.fr.
Version:
0.0.0.0

MD5:
7c200161a47ec522448e60d19d1a1229

SHA-1:
0eb24e60bcb50b29bbe007a0cfcf3598ad499ca2

SHA-256:
46985719ca3775bf01dde80fecda2fbebbb65729e2bd218c380465817033dceb

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
5/14/2024 7:58:23 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.65533 | 366 |
| AegisLab AV Signature | Troj.Dropper.Gen | 2.1.4+ |
| Agnitum Outpost | Trojan.DR.FrauDrop | 7.1.1 |
| Avira AntiVirus | TR/ATRAPS.Gen | 8.3.2.4 |
| Arcabit | Trojan.Strictor.DFFFD | 1.0.0.653 |
| avast! | Win32:Malware-gen | 2014.9-160204 |
| AVG | Luhe.Fiha.A | 2017.0.2844 |
| Baidu Antivirus | Worm.MSIL.Bladabindi | 4.0.3.1624 |
| Bitdefender | Gen:Variant.Strictor.65533 | 1.0.20.175 |
| Comodo Security | UnclassifiedMalware | 24080 |
| Dr.Web | Trojan.DownLoader19.14122 | 9.0.1.035 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.65533 | 8.16.02.04.11 |
| ESET NOD32 | MSIL/Bladabindi.AH (variant) | 10.12972 |
| Fortinet FortiGate | MSIL/Bladabindi.AH!worm | 2/4/2016 |
| F-Secure | Gen:Variant.Strictor.65533 | 11.2016-04-02_5 |
| G Data | Gen:Variant.Strictor.65533 | 16.2.25 |
| IKARUS anti.virus | Trojan.Msil | t3scan.2.0.5.0 |
| K7 AntiVirus | Trojan | 13.213.18630 |
| Kaspersky | Trojan-Dropper.Win32.FrauDrop | 14.0.0.713 |
| Malwarebytes | Trojan.Agent.MSIL | v2016.02.04.11 |
| McAfee | RDN/Generic BackDoor | 5600.6500 |
| Microsoft Security Essentials | Backdoor:MSIL/Bladabindi.AL | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Strictor.65533 | 17.0.0.105 |
| NANO AntiVirus | Trojan.Win32.ATRAPS.dzvruv | 1.0.14.5798 |
| Panda Antivirus | Trj/GdSda.A | 16.02.04.11 |
| Qihoo 360 Security | QVM03.0.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | PE:Backdoor.Bot!1.6675 [F] | 23.00.65.16202 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro | TROJ_GEN.R0C1C0DAQ16 | 10.465.04 |
| VIPRE Antivirus | Trojan.Win32.Generic | 46958 |

File size:
361 KB (369,664 bytes)

Product version:
0.0.0.0

Original file name:
w.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\hh.exe

File PE Metadata
Compilation timestamp:
1/27/2016 5:44:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:tXzs+DdrJvrC1Cabqkn5hbbu4Ut2FHigrCBAYNDj6JyLH3:tfrJzUV55VquZJYmyj

Entry address:
0x217AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, C0, 00, 00, 80, 10, 00, 00, 00, D8, 00, 00, 80, 18, 00, 00, 00, F0, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
126 KB (129,024 bytes)

The file hh.exe has been seen being distributed by the following URL.
