» hosts.exe
Overview
Analysis
File Details

hosts.exe

sign

The executable hosts.exe has been detected as malware by 6 anti-virus scanners.

File name:

hosts.exe

Publisher:

sign (signed and verified)

MD5:

8a6035bc4b23cafe39cca623a0d67f2c

SHA-1:

476d0a3cba9c8c575085ca912b8a621de83469f9

SHA-256:

3c42873d123c946983cdc1ae0c7ff27e636af314e58e4754d37b22e51dad58c5

Scanner detections:

6 / 68

Status:

Malware

Analysis date:

8/6/2025 6:12:32 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Trojan/Win32.Generic

2014.08.10

Bkav FE

W32.ArtemisVolmqt.Trojan

1.3.0.4959

Dr.Web

Trojan.Proxy.24281

9.0.1.05190

NANO AntiVirus

Trojan.Win32.ATRAPS.brmzvy

0.28.2.61349

Sophos

Mal/Emogen-I

4.98

Vba32 AntiVirus

TrojanDownloader.VBS.Small

3.12.26.3

File size:

27.6 KB (28,216 bytes)

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

sign

Authority:

sign Certificate Authority

Valid from:

6/18/2014 6:06:02 AM

Valid to:

6/18/2044 6:06:02 AM

Subject:

CN=sign

Issuer:

CN=sign Certificate Authority

Serial number:

2DFD7063F6DE4A957CB1368483C4E959

File PE Metadata

Compilation timestamp:

3/29/2013 6:01:24 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

384:VzWiWlof+Z8N8p/ij7m+1Istgi0qx2sACI3ugLOMUk22Ce61EYzNLFiKpqj2XnYN:ZuVZ1p/ija+1I2UqBgeQLVCt7NLFdpXO

Entry address:

0x50B4

Entry point:

55, 8B, EC, B9, 06, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, F0, 48, 40, 00, E8, 8B, ED, FF, FF, BE, AC, 98, 40, 00, 33, C0, 55, 68, A1, 54, 40, 00, 64, FF, 30, 64, 89, 20, A1, A4, 67, 40, 00, 33, D2, 89, 10, 8D, 45, EC, E8, DB, F0, FF, FF, 8B, 55, EC, B8, D0, 98, 40, 00, E8, 8E, E7, FF, FF, 8D, 55, E8, A1, D0, 98, 40, 00, E8, D5, EF, FF, FF, 8B, 55, E8, B8, D0, 98, 40, 00, E8, 74, E7, FF, FF, C6, 05, CC, 98, 40, 00, 01, 6A, 0A, 68, B0, 54, 40, 00, A1, E0, 97, 40, 00, 50, E8, 8B, ED, FF... 
[+]

Entropy:

6.4478

Developed / compiled with:

Microsoft Visual C++

Code size:

16 KB (16,384 bytes)

Remove hosts.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.