media.exe

VCjpeg

The executable media.exe has been detected as malware by 37 anti-virus scanners. The file has been observed being downloaded from www.fayloobmennik.net.
Product:
VCjpeg

Description:
VCjpeg

Version:
1, 0, 0, 1

MD5:
3473973e122e68af0572cd42fb6f2737

SHA-1:
eb00da3dab547ce702415b5b940891d280bff854

SHA-256:
962b59fe3540a735b39ec0aa76141a2b89e3263dad3fdf61bc3b94bb3d7555cc

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/23/2024 10:26:26 AM UTC

Scan engine | Detection | Engine version
--- | --- | ---
Lavasoft Ad-Aware | Gen:Variant.Symmi.56785 | 408
Agnitum Outpost | Backdoor.Androm | 7.1.1
AhnLab V3 Security | Trojan/Win32.MDA | 2015.10.17
Avira AntiVirus | TR/Nitol.A.149 | 8.3.2.2
Arcabit | Trojan.Symmi.DDDD1 | 1.0.0.582
avast! | Win32:GenMaliciousA-MFK [Trj] | 2014.9-151224
AVG | Generic6 | 2016.0.2886
Baidu Antivirus | Backdoor.Win32.Androm | 4.0.3.151224
Bitdefender | Gen:Variant.Symmi.56785 | 1.0.20.1790
Comodo Security | UnclassifiedMalware | 23429
Dr.Web | Trojan.DownLoad3.35002 | 9.0.1.0358
Emsisoft Anti-Malware | Gen:Variant.Symmi.56785 | 8.15.12.24.06
ESET NOD32 | Win32/ServStart.AD | 9.12421
Fortinet FortiGate | W32/Androm.GDYY!tr | 12/24/2015
F-Secure | Gen:Variant.Symmi.56785 | 11.2015-24-12_5
G Data | Gen:Variant.Symmi.56785 | 15.12.25
IKARUS anti.virus | Trojan.SecurityDefender | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.211.17567
Kaspersky | Backdoor.Win32.Androm | 14.0.0.924
Malwarebytes | Trojan.Agent.ED | v2015.12.24.06
McAfee | Generic-FAWC!3473973E122E | 5600.6542
Microsoft Security Essentials | Rogue:Win32/Trapwot | 1.1.12101.0
MicroWorld eScan | Gen:Variant.Symmi.56785 | 16.0.0.1074
NANO AntiVirus | Trojan.Win32.Boaxxe.dngfca | 0.30.26.3947
nProtect | Backdoor/W32.Androm.110653 | 15.10.16.01
Panda Antivirus | Trj/Genetic.gen | 15.12.24.06
Qihoo 360 Security | HEUR/QVM07.1.Malware.Gen | 1.0.0.1015
Quick Heal | TrojanDownloader.Upatre.A4 | 12.15.14.00
Reason Heuristics | Threat.Win.Reputation.IMP | 15.12.24.10
Rising Antivirus | PE:Malware.RDM.45!5.33[F1] | 23.00.65.151222
Sophos | Mal/Zbot-TK | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Tester | 9428
Total Defense | Win32/Tnega.EBCSeDC | 37.1.62.1
Vba32 AntiVirus | Backdoor.Androm | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 44602
ViRobot | Trojan.Win32.Agent.110653[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.ZBot.Win32.234 | 2.0.0.2452

File size:
108.1 KB (110,653 bytes)

Product version:
1, 0, 0, 1

Copyright:
(C) 2014

Original file name:
VCjpeg.exe

File type:
Executable application (Win32 EXE)

Language:
Croatian (Croatia)

Common path:
C:\users\{user}\downloads\media.exe

File PE Metadata
Compilation timestamp:
1/29/2015 4:31:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:xSYQ8lZyRsgqtr6srO2PDvDlPW5o4hFFEPMdoGNgoBq10Ie5hlsZJsKoH6nWBbmh:IYlINqp66O2PDvDluFFMbGZc

Entry address:
0x4316

Entry point:
55, 8B, EC, 6A, FF, 68, 78, 5A, 40, 00, 68, BA, 45, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 90, 53, 40, 00, 59, 83, 0D, 58, 72, 40, 00, FF, 83, 0D, 5C, 72, 40, 00, FF, FF, 15, 94, 53, 40, 00, 8B, 0D, 4C, 72, 40, 00, 89, 08, FF, 15, 98, 53, 40, 00, 8B, 0D, 48, 72, 40, 00, 89, 08, A1, 9C, 53, 40, 00, 8B, 00, A3, 54, 72, 40, 00, E8, 20, 02, 00, 00, 39, 1D, 50, 71, 40, 00, 75, 0C, 68, A4, 45, 40, 00, FF, 15...
 

Entropy:
7.0113

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
16 KB (16,384 bytes)

The file media.exe has been seen being distributed by the following URL.
