ߙjviewʚ.exe

The executable ߙjviewʚ.exe has been detected as malware by 37 anti-virus scanners. While running, it connects to the Internet address ip-184-168-221-34.ip.secureserver.net on port 80 using the HTTP protocol.
MD5:
6ce603002913452d95de82f1a9161af4

SHA-1:
32e148ab00877f9e410927d84a83dc6d3d6dbc21

SHA-256:
4bb85d5abbeb210e80c304e359c1549072ac2ba0d71b48124618d3bbba571eb0

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
12/17/2018 4:33:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Autoit.ANA | 984 |
| Agnitum Outpost | Worm.Nuqel | 7.1.1 |
| Avira AntiVirus | Worm/Nuqel.AC.8 | 7.11.126.198 |
| avast! | Win32:AutoRun-BDA [Wrm] | 2014.9-140526 |
| AVG | Generic2_c | 2015.0.3462 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.14526 |
| Bitdefender | Trojan.Autoit.ANA | 1.0.20.730 |
| Bkav FE | W32.Clod3ad.Trojan | 1.3.0.4923 |
| Comodo Security | Heur.Suspicious | 17662 |
| Dr.Web | Win32.HLLW.Autoruner1.41164 | 9.0.1.0146 |
| Emsisoft Anti-Malware | Trojan.Autoit.ANA | 8.14.05.26.12 |
| ESET NOD32 | Win32/AutoRun.Autoit.DS | 8.9330 |
| Fortinet FortiGate | W32/AutoRun.AMNL!worm | 5/26/2014 |
| F-Prot | W32/TrojanX.EFTE | v6.4.7.1.166 |
| G Data | Trojan.Autoit.ANA | 14.5.24 |
| IKARUS anti.virus | Worm.Win32.AutoRun | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.175.10940 |
| Kaspersky | Worm.Win32.AutoRun | 14.0.0.3807 |
| Malwarebytes | Worm.AutoRun | v2014.05.26.12 |
| McAfee | W32/Autorun.worm.c | 5600.7118 |
| Microsoft Security Essentials | Worm:Win32/Nuqel.AC | 1.165.247.01 |
| MicroWorld eScan | Trojan.Autoit.ANA | 15.0.0.438 |
| NANO AntiVirus | Trojan.AutoIt.AutoRun.bzrbn | 0.28.0.57380 |
| Norman | AutoRun.BMHW | 11.20140526 |
| nProtect | Trojan/W32.Agent.357198.B | 14.01.23.02 |
| Panda Antivirus | Trj/Agent.IVN | 14.05.26.12 |
| Qihoo 360 Security | Win32/Worm.AutoRun.67f | 1.0.0.1015 |
| Quick Heal | Worm.Nuqel.a.cw2 | 5.14.12.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1288F751!310966097 | 23.00.65.14524 |
| Sophos | W32/Autoit-YR | 4.97 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nuqel | 10582 |
| Total Defense | Win32/SillyAutorun.FRA | 37.0.10498 |
| Trend Micro House Call | WORM_NUQEL.SM | 7.2.146 |
| Trend Micro | WORM_NUQEL.SM | 10.465.26 |
| Vba32 AntiVirus | Trojan.Autoit.F | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25728 |
| ViRobot | Worm.Win32.S.Autorun.357198 | 2011.4.7.4223 |

File size:
348.8 KB (357,198 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\roaming\java\?jview?.exe

File PE Metadata
Compilation timestamp:
12/24/2008 11:00:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Vp2qm4uyX++8DKNT3gQI1C43WnaJF19eAyFHQUYJ8cz7n/p5:VAl4uO8DKNbgw4GnaJtejFHLXcz7/b

Entry address:
0x17770

Entry point:
B8, 98, 7E, 4A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, BF, 72, 68, 90, 9E, 38, 2F, A7, 7B, 64, 00, DF, 94, 9D, 8E, 31, 67, D2, 6C, 21, 5C, 7C, A8, 58, E0, 4F, B3, 9C, 49, 78, F8, 01, 47, 99, 7B, 1A, 7C, C9, 01, 9A, 10, F4, 78, 93, FB, B9, 3C, 59, EF, EB, F4, F1, 2E, C5, BE, 15, 51, F6, F1, AF, 96, 67, D2, C6, 2B, 3C, BD, 73, 8D, 80, 2F, E9, 7C, 3B, AB, 5E, 78, 8A, A4, 41, AB, AB, 3A, 35, 15, 45, BD, 73, DB, DA, CD, 98, D3, 47, 5A, FC, 05, A8, 32, F7, 6F, 5B, 07, 00...
 

Entropy:
7.1313

Code size:
495.5 KB (507,392 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-34.ip.secureserver.net  (184.168.221.34:80)

TCP (HTTP):
Connects to 94-73-146-233.cizgi.net.tr  (94.73.146.233:80)
