» janorsobacja.exe
Overview
Analysis
File Details
Behaviors (1)
Network (18)

janorsobacja.exe

The executable janorsobacja.exe has been detected as malware by 33 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘janorsobacja’. While running, it connects to the Internet address mail.ktnews.com.tw on port 80 using the HTTP protocol.

File name:

janorsobacja.exe

MD5:

8a0ab8b988ca0a9f78c304e02faee1d4

SHA-1:

331c7007bf5fcfca087acd8c190219c7e8e7794d

SHA-256:

0eea8c32be1df58bb5c30bd6d6986dfc3836e9852daa3f86e9ffe5b9eeab0be9

Scanner detections:

33 / 68

Status:

Malware

Analysis date:

5/15/2024 2:03:15 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.432541

17.02.04

AegisLab AV Signature

Troj.W32.Generic!c

2.1.4+

AhnLab V3 Security

Dropper/Win32.Necurs

2016.04.04

Avira AntiVirus

TR/Obfuscate.183808

8.3.3.4

Arcabit

Trojan.Kazy.D6999D

1.0.0.666

avast!

Win32:Malware-gen

2014.9-170204

AVG

Crypt3

2018.0.2478

Baidu Antivirus

Win32.Trojan.Kryptik

4.0.3.1724

Bitdefender

Gen:Variant.Kazy.432541

1.0.20.175

Bkav FE

W32.CanlusuAB.Trojan

1.3.0.7744

Clam AntiVirus

Win.Trojan.Agent-1150441

0.98/21511

Dr.Web

Trojan.DownLoad.64914

9.0.1.035

Emsisoft Anti-Malware

Gen:Variant.Kazy.432541

8.17.02.04.10

ESET NOD32

Win32/Kryptik.CIVW (variant)

11.13277

F-Secure

Gen:Variant.Kazy.432541

11.2017-04-02_7

G Data

Gen:Variant.Kazy.432541

17.2.25

IKARUS anti.virus

Trojan.Win32.Cutwail

t3scan.2.0.9.0

K7 AntiVirus

Trojan

13.220.19196

Kaspersky

HEUR:Trojan.Win32.Generic

14.0.0.-1117

Malwarebytes

Trojan.Crypt

v2017.02.04.10

McAfee

Downloader-FAKV!8A0AB8B988CA

5600.6134

Microsoft Security Essentials

Trojan:Win32/Bagsu!rfn

1.1.12603.0

MicroWorld eScan

Gen:Variant.Kazy.432541

18.0.0.105

NANO AntiVirus

Trojan.Win32.Kryptik.ddunds

1.0.18.7201

Panda Antivirus

Trj/Genetic.gen

17.02.04.10

Qihoo 360 Security

Win32/Trojan.fe6

1.0.0.1120

Quick Heal

Trojan.Generic.r3

2.17.14.00

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.17202

Sophos

Mal/Generic-S

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Obfuscator

8612

Vba32 AntiVirus

Trojan.Cutwail

3.12.26.4

VIPRE Antivirus

Trojan.Win32.Wigon.ab

48364

Zillya! Antivirus

Trojan.Cutwail.Win32.325

2.0.0.2760

File size:

179.5 KB (183,808 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\as\janorsobacja.exe

File PE Metadata

Compilation timestamp:

8/14/2014 9:15:45 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.5

Entry address:

0x12C6

Entry point:

50, E8, 72, 04, 00, 00, 6A, 00, E8, 2D, FD, FF, FF, 0B, DB, 74, 47, 57, 8B, BB, 80, A0, 42, 00, 01, DF, 89, BB, 80, A0, 42, 00, 5F, FF, B3, 84, A0, 42, 00, 01, 1C, 24, 8F, 83, 84, A0, 42, 00, FF, B3, 5C, AE, 42, 00, 01, 1C, 24, 8F, 83, 5C, AE, 42, 00, 52, 81, 04, 24, 20, 03, 00, 00, 29, 14, 24, 8D, 83, 90, A0, 42, 00, 50, 6A, 00, E8, B5, 08, 00, 00, C7, 83, 58, AE, 42, 00, 00, 00, 00, 00, 51, C7, 04, 24, 57, 13, 40, 00, 58, 56, 89, C6, 01, DE, 89, F0, 5E, 53, 50, 57, 64, 8B, 3D, 00, 00, 00, 00, 87, 3C, 24... 
[+]

Code size:

159.5 KB (163,328 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

janorsobacja

Command:

C:\users\as\janorsobacja.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to resident.3gteam.hu (79.172.192.42:80)

TCP (HTTP):

Connects to lou.morroni.com (198.178.249.200:80)

TCP (HTTP):

Connects to ec2-54-252-148-134.ap-southeast-2.compute.amazonaws.com (54.252.148.134:80)

TCP (HTTP):

Connects to web45.webkontrol.doruk.net.tr (212.58.2.53:80)

TCP (HTTP):

Connects to rweb6.webkontrol.doruk.net.tr (82.151.132.26:80)

TCP (HTTP):

Connects to inforhard.pt (151.236.45.90:80)

TCP (HTTP):

Connects to cp-12.webhostbox.net (162.251.80.23:80)

TCP (HTTP):

Connects to www4.gmoserver.jp (211.123.214.8:80)

TCP (HTTP):

Connects to stats.goose.arvixe.com (198.58.92.228:80)

TCP (HTTP):

Connects to ssd10.stablehost.com (199.96.156.231:80)

TCP (HTTP):

Connects to s15768303.onlinehome-server.info (217.160.253.62:80)

TCP (HTTP):

Connects to s03.prag.webspace24.de (78.46.96.68:80)

TCP (HTTP):

Connects to risk.dmerlino.name (184.106.55.65:80)

TCP (HTTP):

Connects to php01.stermedia.eu (151.80.24.193:80)

TCP (HTTP):

Connects to mail.ktnews.com.tw (211.75.71.76:80)

TCP (HTTP):

Connects to fradc1www001.e-iway.net (195.68.112.156:80)

TCP (HTTP):

Connects to cloud.hostingnovapyme.com (91.148.168.94:80)

TCP (HTTP):

Connects to 395441-db2.engnetglobal.com (72.32.190.96:80)

Remove janorsobacja.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.