init.exe

The executable init.exe has been detected as malware by 42 anti-virus scanners. While running, it connects to MX01.NICMAIL.ru (194.85.88.242) on TCP port 25 (SMTP), and in live environments to nineteen further mail exchangers on the same port. Direct SMTP fan-out from a workstation to many unrelated mail servers is spam-sending behaviour, which matches the Dr.Web (Trojan.Spambot) and ESET (Win32/Tofsee) verdicts below; the file is UPX-packed, and several other vendors flag only the packer (the Packed.* and UPX.* names) or a generic heuristic rather than a family.
MD5:
08cc976b06f2ca6d05413776a39817f5

SHA-1:
22d9e05986cb641cb4efcf0e4eec298c828e1053

SHA-256:
5c36ffa8c4fbef29469fcae3b377a7ac822ba90d203a26215ad71f1d143d9e54

Scanner detections:
42 / 68

Status:
Malware

Analysis date:
11/20/2017 3:04:22 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.530125 | 6065142
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Packed/Win32.Katusha | 2015.03.28
Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172
avast! | MalOb-FJ [Cryp] | 150414-0
AVG | Win32/DH{eYETIAMJDwE2Ch6BElVEfIEO} | 2016.0.3114
Baidu Antivirus | Trojan.Win32.Katusha | 4.0.3.1559
Bitdefender | Gen:Variant.Kazy.530125 | 1.0.20.645
Bkav FE | W32.HemcapB.Trojan | 1.3.0.6379
CMC Antivirus | Packed.Win32.Katusha.1!O | 1.1.0.977
Comodo Security | UnclassifiedMalware | 21564
Dr.Web | Trojan.Spambot.9653 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Kazy.530125 | 9.0.0.4799
ESET NOD32 | Win32/Tofsee.AF trojan | 7.0.302.0
Fortinet FortiGate | W32/Katusha.OT!tr | 5/9/2015
F-Prot | W32/Sasfis.C.gen | 4.6.5.141
F-Secure | Gen:Variant.Kazy.530125 | 5.13.68
G Data | Gen:Variant.Kazy.530125 | 15.5.25
IKARUS anti.virus | Backdoor.Win32.Cetorp | t3scan.1.8.9.0
Jiangmin | Packed.Katusha.azjm | KV150509
K7 AntiVirus | Trojan | 13.202.15408
K7 Gateway Antivirus | Trojan | 13.202.15407
Kaspersky | Packed.Win32.Katusha | 15.0.0.543
Malwarebytes | Trojan.Injector | v2015.05.09.12
McAfee | Trojan.Artemis!08CC976B06F2 | 17.6.569.0
McAfee Web Gateway | RDN/Generic BackDoor!b2q | 7.6770
Microsoft Security Essentials | Threat.Undefined | 1.197.1980.0
MicroWorld eScan | Gen:Variant.Kazy.530125 | 16.0.0.387
NANO AntiVirus | Trojan.Win32.Katusha.djerwf | 0.30.8.659
Norman | Gen:Variant.Barys.716 | 03.12.2014 13:20:04
nProtect | Trojan/W32.Katusha.27648.F | 15.03.27.01
Qihoo 360 Security | Win32/Trojan.c4c | 1.0.0.1015
Quick Heal | UPX.Trojan.r3 | 5.15.14.00
Sophos | Mal/Generic-S | 4.98
The Hacker | Posible_Worm32 | 6.8.0.5.542
Trend Micro House Call | TROJ_GEN.F0CBOC0LC14 | 7.2.129
Trend Micro | TROJ_GEN.F0CBOC0LC14 | 10.465.09
Vba32 AntiVirus | BScope.Trojan.Agent.Wakaba | 3.12.26.3
VIPRE Antivirus | Threat.4740024 | 39676
ViRobot | Trojan.Win32.A.Katusha.27648.K[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Tofsee.Win32.484 | 2.0.0.2119

Note that the engine and definition versions date from 2014 and 2015, two years before the analysis date above, so these verdicts come from an older multi-scanner run rather than fresh 2017 signatures.
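Vendor names for a packed sample like this one disagree because each engine labels what it sees first: the packer, a heuristic bucket, or a family. The following added example (not part of the original report) normalises the 41 detection names from the table above into a family vote, and shows why counting vendors overstates agreement: six vendors return the byte-identical string Gen:Variant.Kazy.530125 because they ship the same engine, so that is one independent opinion, not six. The GENERIC token list and the capitalisation heuristic are this example's own choices, not any vendor's naming standard.

```python
import re
from collections import Counter

# Vendor detection names copied from the scan table above, one entry per engine row.
LABELS = [
    "Gen:Variant.Kazy.530125", "Trojan.Agent", "Packed/Win32.Katusha",
    "TR/Crypt.XPACK.Gen", "MalOb-FJ [Cryp]", "Win32/DH{eYETIAMJDwE2Ch6BElVEfIEO}",
    "Trojan.Win32.Katusha", "Gen:Variant.Kazy.530125", "W32.HemcapB.Trojan",
    "Packed.Win32.Katusha.1!O", "UnclassifiedMalware", "Trojan.Spambot.9653",
    "Gen:Variant.Kazy.530125", "Win32/Tofsee.AF trojan", "W32/Katusha.OT!tr",
    "W32/Sasfis.C.gen", "Gen:Variant.Kazy.530125", "Gen:Variant.Kazy.530125",
    "Backdoor.Win32.Cetorp", "Packed.Katusha.azjm", "Trojan", "Trojan",
    "Packed.Win32.Katusha", "Trojan.Injector", "Trojan.Artemis!08CC976B06F2",
    "RDN/Generic BackDoor!b2q", "Threat.Undefined", "Gen:Variant.Kazy.530125",
    "Trojan.Win32.Katusha.djerwf", "Gen:Variant.Barys.716", "Trojan/W32.Katusha.27648.F",
    "Win32/Trojan.c4c", "UPX.Trojan.r3", "Mal/Generic-S", "Posible_Worm32",
    "TROJ_GEN.F0CBOC0LC14", "TROJ_GEN.F0CBOC0LC14", "BScope.Trojan.Agent.Wakaba",
    "Threat.4740024", "Trojan.Win32.A.Katusha.27648.K[h]", "Trojan.Tofsee.Win32.484",
]

# Tokens that name a class, platform, packer or vendor-generic bucket rather than a family.
# This list is an assumption of the example, tuned to the labels above.
GENERIC = {
    "trojan", "troj", "gen", "variant", "packed", "generic", "malware",
    "unclassifiedmalware", "agent", "backdoor", "crypt", "xpack", "cryp", "malob",
    "threat", "undefined", "artemis", "injector", "posible", "bscope",
}


def family_tokens(label):
    """Return the candidate family names (lower-cased) found in one vendor label.

    Heuristic: split on punctuation, keep only purely alphabetic tokens of 4+ characters
    that start with a capital letter (families are capitalised, variant suffixes such as
    'azjm' or 'djerwf' are not, hash-like tokens contain digits) and are not GENERIC.
    """
    out = set()
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if len(tok) >= 4 and tok.isalpha() and tok[0].isupper() and tok.lower() not in GENERIC:
            out.add(tok.lower())
    return out


def votes_by_vendor(labels):
    """One vote per vendor row that names the family (the naive 'N vendors agree' count)."""
    votes = Counter()
    for label in labels:
        votes.update(family_tokens(label))
    return votes


def votes_by_distinct_label(labels):
    """One vote per distinct label string.

    Vendors that ship the same engine emit byte-identical names, so collapsing duplicates
    approximates the number of independent engines behind each family name.
    """
    votes = Counter()
    for label in set(labels):
        votes.update(family_tokens(label))
    return votes


def consensus(labels):
    """Families ranked by independent evidence first, raw vendor count second.

    Returns a list of (family, distinct_label_votes, vendor_row_votes).
    """
    by_vendor = votes_by_vendor(labels)
    by_label = votes_by_distinct_label(labels)
    ranked = sorted(by_label, key=lambda fam: (by_label[fam], by_vendor[fam]), reverse=True)
    return [(fam, by_label[fam], by_vendor[fam]) for fam in ranked]


if __name__ == "__main__":
    for fam, distinct, vendors in consensus(LABELS):
        print(f"{fam:10s} distinct labels={distinct:2d}  vendor rows={vendors:2d}")
```

For this table the ranking comes out Katusha (9 distinct labels from 9 vendors), then Tofsee (2 from 2), with Kazy dropping from 6 vendor rows to a single independent label. Katusha is a packer-oriented name (note the Packed. prefix on most of those labels), so the only vendors naming the actual behaviour are the Tofsee and Spambot rows; treat the family attribution accordingly.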

File size:
27 KB (27,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\acer\init.exe

File PE Metadata
Compilation timestamp:
4/27/2004 4:06:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
768:0xRX+fZQsIf8LyffELsMtrvuE358nJ8Kaf:cQZbIfFH4BvukEJraf

Entry address:
0x173A0

Entry point:
60, BE, 00, 10, 41, 00, 8D, BE, 00, 00, FF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Packer / compiler:
UPX 2.90LZMA

Code size:
28 KB (28,672 bytes)
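The first 18 entry-point bytes above are the standard UPX x86 unpacking prologue (pushad; mov esi, src; lea edi, [esi+disp]; push edi; or ebp, -1; jmp short), which makes the packer verdict easy to confirm by hand and also gives the address the stub decompresses into. The added example below (not from the original report) decodes that prologue from the page's byte listing and applies one cheap header sanity check: the PE timestamp (April 2004) predates the first release of the linker the header claims (MSVC 8.0 shipped with Visual Studio 2005), so at least one of those two fields is not genuine. Assumptions: an image base of 0x400000 (the MSVC default, not stated on the page) and the linker release-year table, which is general knowledge rather than data from the report.

```python
import struct
from datetime import datetime

# Entry-point bytes as listed above (only the first 18 are needed for the stub check).
ENTRY_BYTES = ("60, BE, 00, 10, 41, 00, 8D, BE, 00, 00, FF, FF, 57, 83, CD, FF, EB, 10, "
               "90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47")

# Assumed image base: 0x400000 is the MSVC default for a Win32 EXE; the page does not state it.
IMAGE_BASE = 0x400000


def parse_hex_list(text):
    """Turn the page's 'AA, BB, ...' listing into bytes."""
    return bytes(int(tok, 16) for tok in text.replace(",", " ").split())


def decode_upx_prologue(code, image_base=IMAGE_BASE):
    """Recognise the classic UPX x86 unpacking prologue and pull out its addresses.

      60                 pushad
      BE imm32           mov  esi, <VA of the compressed data>
      8D BE disp32       lea  edi, [esi + disp]   ; disp is negative: VA the data unpacks to
      57                 push edi                 ; kept on the stack for later stub phases
      83 CD FF           or   ebp, -1
      EB 10              jmp  short +0x10         ; into the decompressor's bit-fetch routine
    Returns None when the bytes do not match this pattern.
    """
    if len(code) < 18:
        return None
    if (code[0] != 0x60 or code[1] != 0xBE or code[6:8] != b"\x8D\xBE"
            or code[12] != 0x57 or code[13:16] != b"\x83\xCD\xFF"
            or code[16:18] != b"\xEB\x10"):
        return None
    src = struct.unpack_from("<I", code, 2)[0]   # mov esi, imm32
    disp = struct.unpack_from("<i", code, 8)[0]  # lea displacement, signed
    dst = (src + disp) & 0xFFFFFFFF
    return {
        "packed_va": src, "unpack_va": dst,
        "packed_rva": src - image_base, "unpack_rva": dst - image_base,
    }


# Year each MSVC linker major version first shipped (general knowledge, not from the page).
LINKER_RELEASE_YEAR = {6.0: 1998, 7.0: 2002, 7.1: 2003, 8.0: 2005, 9.0: 2007,
                       10.0: 2010, 11.0: 2012, 12.0: 2013, 14.0: 2015}


def timestamp_plausible(compile_ts, linker_version):
    """False when the PE timestamp predates the year the claimed linker first shipped.

    Both fields are attacker-controlled, so True proves nothing; False proves tampering
    or a non-MSVC toolchain writing an MSVC-looking version field.
    """
    year = LINKER_RELEASE_YEAR.get(linker_version)
    if year is None:
        return True  # unknown linker: cannot judge
    return compile_ts.year >= year


if __name__ == "__main__":
    info = decode_upx_prologue(parse_hex_list(ENTRY_BYTES))
    print({k: hex(v) for k, v in info.items()})
    print("timestamp plausible:", timestamp_plausible(datetime(2004, 4, 27, 16, 6, 14), 8.0))
```

For this sample the decoder reports compressed data at VA 0x411000 and the unpack destination at VA 0x401000 (RVA 0x1000), i.e. the original .text section, which is where the real entry point will be after unpacking. `upx -d` normally restores the file, but a stub-level check like this still works when the UPX header magic has been altered to break the stock unpacker, in which case the decompressed image has to be dumped from memory after the stub finishes.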

The executing file has been seen to make the following network communications in live environments. Every recorded connection is outbound TCP to port 25 (SMTP), each to a different mail exchanger; no other traffic is recorded on this page.

TCP (SMTP) destinations:
MX01.NICMAIL.ru (194.85.88.242:25)
mx00.kundenserver.de (212.227.15.41:25)
mx1.timeweb.ru (92.53.116.47:25)
mail.gan.ru (87.245.156.99:25)
w2.src1.vip.ir2.yahoo.com (77.238.184.24:25)
server.ameradio.com (69.160.248.2:25)
post.gcmpp.ru (84.253.114.100:25)
pita.dynamichosting.biz (204.244.125.45:25)
p3pismtp01-065.prod.phx3.secureserver.net (72.167.238.32:25)
mxs.mail.ru (217.69.139.150:25)
mx3.mail.uk.easynet.net (212.135.6.25:25)
mx1.spaceweb.ru (77.222.41.54:25)
mx1.masterhost.ru (83.222.23.178:25)
mx1.emailsrvr.com (98.129.184.3:25)
mx01.lolipop.jp (157.7.107.6:25)
mx.yandex.ru (213.180.204.89:25)
mx.fr.oleane.com (194.2.0.80:25)
ms.denit.net (62.148.189.53:25)
mail-by2nam010170.inbound.protection.outlook.com (216.32.181.170:25)
mail.valleypizza.com (76.73.154.179:25)
