kehadiran v1.3.exe

KehadiranVB

muzee

The executable kehadiran v1.3.exe has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from spmp.psa.edu.my and multiple other hosts.

Publisher: muzee
Product: KehadiranVB
Version: 1.00
MD5: 710ace6b3dfa500e5bc041d4390973b6
SHA-1: 250b41b0708ea10c6384a23050c5be8194e1d1e7
SHA-256: 8dc9eb7a96c2c0ac1271ecfb78d65b8a03e1a86dc6c7fd71626ecd6d6d936d87
Scanner detections: 8 / 68
Status: Malware
Analysis date: 4/27/2024 2:10:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.13105307 | 395 |
| Bitdefender | Trojan.Generic.13105307 | 1.0.20.30 |
| Emsisoft Anti-Malware | Trojan.Generic.13105307 | 8.16.01.06.08 |
| F-Secure | Trojan.Generic.13105307 | 11.2016-06-01_4 |
| G Data | Trojan.Generic.13105307 | 16.1.25 |
| MicroWorld eScan | Trojan.Generic.13105307 | 17.0.0.18 |
| nProtect | Trojan.Generic.13105307 | 15.04.07.01 |
| Trend Micro House Call | TROJ_GEN.R047H09D415 | 7.2.6 |

File size: 260 KB (266,240 bytes)
Product version: 1.00
Original file name: Kehadiran v1.3.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\downloads\kehadiran v1.3.exe

File PE Metadata

OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 3072:WA81FmxIdCpQZz7y8J+IOhhr9+SkXeZg5BaH3+Z9aIXEJ/6R/k6kRjhmV/68c5WS:XsFm8Zz7y8J+IShrkSkXAg5BaH3+ncz
Entry address: 0x13D0

Entry point:
68, 34, 29, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, F2, 2A, D6, 62, 06, 9C, A8, 45, 97, 8F, 1F, C2, 58, 5D, E5, F3, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 30, 30, 30, 30, 30, 30, 4B, 65, 68, 61, 64, 69, 72, 61, 6E, 56, 42, 00, 2E, 2E, 5C, 2E, 00, 00, 00, 00, FF, CC, 31, 00, 06, D6, 43, 08, 4A, 4A, A0, 6B, 4A, A4, 45, 89, 2D, C0, 48, 55, CD, 08, C1, 8E, 89, 5C, 9C, E1, 41, A7, 4F, D7, 8F, 42, 6C, F0, 4A, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy: 5.3285
Developed / compiled with: Microsoft Visual Basic v5.0
Code size: 244 KB (249,856 bytes)

The file kehadiran v1.3.exe has been seen being distributed by the following 5 URLs.
