home

img_0018.jpg.exe

The executable img_0018.jpg.exe has been detected as malware by 24 anti-virus scanners. This is a setup program which is used to install the application. This is a trojan Bot that uses IRC to communicate with a comand and control network. The Trojan drops other malicious software and opens a backdoor on the infected computer and will run automatically on each boot. The file has been seen being downloaded from s3-sa-east-1.amazonaws.com.
MD5:
8e226f96f86bb469fe3c02146650495c

SHA-1:
dbdd6c7fb516931ce2fe9d2e6f9270aa783da8a4

SHA-256:
edae795d428382ba7c3bb05c2dac130a82bf8562040b3571c661575792ad2b24

Scanner detections:
24 / 68

Status:
Malware

Explanation:
Part of a backdoor IRC bot network.

Analysis date:
4/18/2024 5:44:03 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Trojan.Heur.RP.5yWaaGPlKtgi
377

Avira AntiVirus
TR/Crypt.TPM.Gen
7.11.141.146

avast!
Win32:Malware-gen
2014.9-160123

AVG
Generic10_c
2017.0.2855

Baidu Antivirus
Trojan.Win32.Themida
4.0.3.16123

Bitdefender
Gen:Trojan.Heur.RP.5yWaaGPlKtgi
1.0.20.115

Bkav FE
HW32.CDB
1.3.0.4959

Comodo Security
UnclassifiedMalware
18055

Emsisoft Anti-Malware
Gen:Trojan.Heur.RP.5yWaaGPlKtgi
8.16.01.23.07

ESET NOD32
Win32/Packed.Themida (variant)
10.9639

Fortinet FortiGate
PossibleThreat
1/23/2016

F-Secure
Gen:Trojan.Heur.RP.5yWaaGPlKtgi
11.2016-23-01_7

G Data
Gen:Trojan.Heur.RP.5yWaaGPlKtgi
16.1.24

K7 AntiVirus
Trojan
13.176.11663

Kaspersky
UDS:DangerousObject.Multi.Generic
14.0.0.771

Malwarebytes
Malware.Gen
v2016.01.23.07

McAfee
Artemis!8E226F96F86B
5600.6511

MicroWorld eScan
Gen:Trojan.Heur.RP.5yWaaGPlKtgi
17.0.0.69

Qihoo 360 Security
Win32/Trojan.Multi.daf
1.0.0.1015

Quick Heal
(Suspicious) - DNAScan
1.16.12.00

Rising Antivirus
PE:Worm.VBInjectEx!1.99E6
23.00.65.16121

Sophos
Mal/EncPk-DW
4.98

Trend Micro House Call
TROJ_GEN.R047H08D514
7.2.23

VIPRE Antivirus
Backdoor.Win32.Ircbot.gen
28062

File size:
919.5 KB (941,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\img_0018.jpg.exe

File PE Metadata
Compilation timestamp:
4/4/2014 3:49:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
24576:uCfxUBHF5MPxj1azlTwZXDALlyB2fGgjMT:uCZEFiBx8LNjMT

Entry address:
0x1DE000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, 00, 0D, 00, 2D, 3E, DC, 0A, 10, 05, 33, DC, 0A, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 37, 04, 85, 03, 68, 29, 0E, 07, 2B, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 5D, D9, 14, A1, 53, A7, 66, 55, 6A, AE, 0C, A3, D3, 90...
 
[+]

Code size:
15 KB (15,360 bytes)

The file img_0018.jpg.exe has been seen being distributed by the following URL.

https://s3-sa-east-1.amazonaws.com/.../IMG_0018.jpg.exe

Remove img_0018.jpg.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.