meteo-live.exe

The executable meteo-live.exe has been detected as malware by 10 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from meteo.live.free.fr. While running, it connects to the Internet address perso110-g5.free.fr on port 80 using the HTTP protocol.
MD5:
17a5ff38381feb40be7898847f21c478

SHA-1:
8b393567704721e4c0f3f49c5b5e2229a769a9ae

SHA-256:
18c3e9ca3a9c25317712ddfe0f014969ec921b523abb26ece6ab0a301b1837f7

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/25/2024 2:13:04 PM UTC

Scan engine         Detection                                   Engine version
Avira AntiVirus     Joke/Agent.TH                               7.11.218.6
Dr.Web              Trojan.MulDrop5.33937                       9.0.1.087
IKARUS anti.virus   Joke.Agent                                  t3scan.1.8.6.0
K7 AntiVirus        Riskware                                    13.201.15288
McAfee              Artemis!17A5FF38381F                        5600.6813
Norman              Jorik.CX                                    11.20150328
nProtect            Joke/W32.Agent.963955                       15.03.17.01
Rising Antivirus    PE:Trojan.Win32.Generic.12764AC9!309742281  23.00.65.15326
SUPERAntiSpyware    Trojan.Agent/Gen-Muldrop                    9970
VIPRE Antivirus     Trojan.Win32.Generic                        38504

File size:
941.4 KB (963,955 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:kmQodidVl2IRVwwuRBe5UZ+L0mvlGSpkTdERh9XTkS:k1odG2VnQUYlHIQh9XYS

Entry address:
0x17D001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, D0, 17, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
 
Packer / compiler:
ASPack v2.12

Code size:
1.3 MB (1,343,488 bytes)

The file meteo-live.exe has been seen being distributed by the following URL.

http://meteo.live.free.fr/Meteo-Live.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to perso110-g5.free.fr  (212.27.63.110:80)

Powered by Reason Core Security