khatra.exe

The executable khatra.exe has been detected as malware by 50 anti-virus scanners.
Version:
0.0.0.3

MD5:
0182d604c002f20d5a6f1f999adbe167

SHA-1:
e0821cdfeb65d30746b67fee4ce3fc1779f50287

SHA-256:
3b74dd580d2c5151a3001bfeae6f2971f4f505bb0c10e46bc312bca4cb397e7b

Scanner detections:
50 / 68

Status:
Malware

Analysis date:
4/24/2024 2:05:35 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Trojan.Heur.zq3@r1djbLfib | 889
Agnitum Outpost | Worm.Autorun.ARFH | 7.1.1
AhnLab V3 Security | Trojan/Win32.AutoIt | 14.08.29
Avira AntiVirus | TR/Dropper.Gen | 7.11.138.0
avast! | Win32:AutoRun-CLF [Wrm] | 2014.9-140829
AVG | Proxy | 2015.0.3367
Baidu Antivirus | Worm.Win32.AutoRun | 4.0.3.14829
Bitdefender | Gen:Trojan.Heur.zq3@r1djbLfib | 1.0.20.1205
Bkav FE | W32.KhatraFamNHR | 1.3.0.4959
Clam AntiVirus | Trojan.Peed-474 | 0.98/18355
Comodo Security | Packed.Win32.MUPX.Gen | 17958
Dr.Web | Trojan.MulDrop3.33928 | 9.0.1.0241
Emsisoft Anti-Malware | Gen:Trojan.Heur.zq3@r1djbLfib | 8.14.08.29.12
ESET NOD32 | Win32/AutoRun.Autoit.BJ | 8.9564
Fortinet FortiGate | W32/AutoIt.AEI!worm | 8/29/2014
F-Prot | W32/Autorun.TX | v6.4.7.1.166
F-Secure | Gen:Trojan.Heur.zq3@r1djbLfib | 11.2014-29-08_6
G Data | Gen:Trojan.Heur.zq3@r1djbLfib | 14.8.24
IKARUS anti.virus | Email-Worm.Win32.Agent | t3scan.2.2.29
K7 AntiVirus | Trojan | 13.176.11496
Kaspersky | Worm.Win32.AutoIt | 14.0.0.3332
McAfee | W32/Autorun.worm.bcb | 5600.7023
Microsoft Security Essentials | Worm:Win32/Katar.A | 1.10401
MicroWorld eScan | Gen:Trojan.Heur.zq3@r1djbLfib | 15.0.0.723
NANO AntiVirus | Trojan.Win32.Autoit.iojat | 0.28.0.58491
Norman | Troj_Generic.TAHDJ | 11.20140829
nProtect | Trojan/W32.Agent.417280.Q | 14.03.19.01
Panda Antivirus | W32/Sohanat.KS | 14.08.29.12
Qihoo 360 Security | Worm.Win32.FakeFolder.CB | 1.0.0.1015
Quick Heal | Worm.Katar.Y6 | 8.14.12.00
Rising Antivirus | PE:Trojan.Win32.Generic.127DD451!310236241 | 23.00.65.14827
SUPERAntiSpyware | Trojan.Agent/Gen-Katar | 10392
Total Defense | Win32/SillyAutorun.BKS | 37.0.10828
Trend Micro House Call | TROJ_GEN.R0CBOH0AH14 | 7.2.241
Trend Micro | TROJ_AUTORUN_0000017.TOMA | 10.465.29
Vba32 AntiVirus | Worm.AutoIt.Khatra | 3.12.24.3
VIPRE Antivirus | Worm.Win32.Katar.a | 27556
ViRobot | Worm.Win32.A.AutoIt.694784 | 2011.4.7.4223

File size:
407.5 KB (417,280 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Windows\System32\khatra.exe

File PE Metadata
Compilation timestamp:
4/8/2009 4:22:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:EniHo6nx2QY7slAFRWNBfrrWK0uTNRiuooqp6pfwWm+gIdJI7K0clyyvzpvTjxhx:ESo6xg5kN530xuooqMVwsgS0Tyv9H7

Entry address:
0x8B000

Entry point:
90, 90, 90, 90, 90, 53, 52, BB, 01, 26, 03, 00, B9, 00, 76, 48, 00, 8A, 11, 30, CA, 00, CA, 80, F2, CB, 80, C2, DC, 88, 11, 49, 4B, 75, EE, 5A, 5B, 81, C1, 91, 19, 03, 00, FF, E1, A3, 48, 4B, BE, 98, 6C, 4A, A9, 99, 4C, 53, 0A, 86, D6, 48, 7D, 41, 55, 33, 21, 45, 41, 30, 36, C8, F8, E9, A9, A5, AB, 49, 2D, 12, 01, A2, 00, F9, B8, 5E, 2B, 6B, 43, CA, 52, AF, AD, 00, 00, E6, FB, 25, 78, C8, E2, 13, F9, 7D, 1D, ED, DD, 71, 00, B0, 55, 2D, AC, 9A, D5, 28, 15, D4, F0, CF, 25, E4, CF, 11, 8E, 56, C2, CE, 3F, 70...
 

Entropy:
7.7675  (probably packed)

Code size:
204 KB (208,896 bytes)

Policies Explorer Run
Name:
G_Host

