houmqyu.exe

The executable houmqyu.exe, described in its version information as “Anubisel Visatl Studie 2020”, has been detected as malware by 25 of 68 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the entry name ‘Agixzykeduno’.
Publisher: Anubisel Corporatu
Product: Anubisel
Description: Anubisel Visatl Studie 2020
Version: 6.23.55339.49952
MD5: 39575aa42d69a77845a2cd6455817244
SHA-1: 86ffd7209919d98f6107024d7bd24f48ea55621d
SHA-256: 427c038873ea8cdbe9e2ae74485e5676d7eff8b3af34ca52b65d25c9a355c9d0
Scanner detections: 25 / 68
Status: Malware
Analysis date: 5/9/2024 12:29:00 AM UTC

Scan engine              Detection                             Engine version
Lavasoft Ad-Aware        Gen:Variant.Kazy.502199               800
Avira AntiVirus          TR/Crypt.ZPACK.109830                 7.11.189.16
avast!                   Win32:Dropper-gen [Drp]               141119-1
AVG                      Win32/Cryptor                         2014.0.4189
Bitdefender              Gen:Variant.Kazy.502199               1.0.20.1650
Bkav FE                  HW32.Packed                           1.3.0.4959
Dr.Web                   Trojan.PWS.Panda.7719                 9.0.1.05190
Emsisoft Anti-Malware    Gen:Variant.Kazy.502199               9.0.0.4570
ESET NOD32               Win32/Kryptik.CRBX trojan             7.0.302.0
F-Secure                 Gen:Variant.Kazy.502199               11.2014-26-11_4
G Data                   Gen:Variant.Kazy.502199               14.11.24
IKARUS anti.virus        Win32.Cryptor                         t3scan.1.8.3.0
Kaspersky                HEUR:Trojan.Win32.Generic             14.0.0.2886
Malwarebytes             Trojan.Zemot                          v2014.11.26.08
McAfee                   MysticCompressor!39575AA42D69         5600.6934
MicroWorld eScan         Gen:Variant.Kazy.502199               15.0.0.990
Norman                   Heur.I                                11.20141126
Panda Antivirus          Trj/Genetic.gen                       14.12.01.07
Qihoo 360 Security       Malware.QVM20.Gen                     1.0.0.1015
Quick Heal               FraudTool.Security                    11.14.14.00
Reason Heuristics        Threat.Win.Reputation.IMP             14.12.1.19
Rising Antivirus         PE:Malware.XPACK-HIE/Heur!1.9C48      23.00.65.141124
SUPERAntiSpyware         Trojan.Agent/Gen-Kryptik              10213
Vba32 AntiVirus          Heur.Trojan.Hlux                      3.12.26.3
VIPRE Antivirus          Threat.4150696                        35088

File size: 295.1 KB (302,185 bytes)
Product version: 6.23.55339.49952
Copyright: © Anubisel Corporatien. All rights reserved.
Original file name: biacosh.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\Documents and Settings\{user}\Application data\ocsexia\houmqyu.exe

File PE Metadata
Compilation timestamp: 5/10/2010 10:08:05 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 0.2
CTPH (ssdeep): 6144:AKl1q92ZXyq5xqZ1T+q4vDeGq7X7QQApRTtwxhTJ7foWQ6bAVX/tNTij+Or+:AKl1qYZX54B0DeGq7rQQApRTehTxAW7i
Entry address: 0x13940
Entry point (first bytes): 55, 8B, EC, 81, EC, F4, 00, 00, 00, B8, D8, 17, 00, 00, 89, 45, 94, 53, 83, E8, 9C, 8B, 55, 94, 89, 55, 94, 83, FA, 57, 74, 03, 89, 55, 94, 89, 45, 94, 56, 8B, 55, 94, 03, D0, 89, 55, 94, 57, 2B, C2, 8B, 75, 94, 89, 75, 94, A9, EA, 00, 00, 00, 74, 09, 8B, 4D, 94, 89, 4D, 94, 89, 45, 94, 89, 45, 94, 68, 58, 70, 42, 00, FF, 15, C4, 68, 42, 00, BE, 9C, 00, 00, 00, 89, 75, 94, 83, F8, 98, 75, 32, BA, 50, 00, 00, 00, 83, EA, 41, 89, 55, 94, BF, E8, 2D, 00, 00, 89, 7D, 94, 83, C6, E2, 8B, D7, 89, 55, 94, 89, 55...
Entropy: 7.7944
Developed / compiled with: Microsoft Visual C++
Code size: 139 KB (142,336 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: Agixzykeduno
Command: "C:\Documents and Settings\{user}\Application data\ocsexia\houmqyu.exe"


Remove houmqyu.exe - Powered by Reason Core Security