_mh_.exe
The application _mh_.exe has been detected as a potentially unwanted program by 39 anti-malware scanners. The file is infected by an entry-point-obscuring polymorphic file infector that will create a peer-to-peer botnet and receive URLs of additional files to download.
MD5: 1fbbd1b368c81fe55686c5ecf41bffdd
SHA-1: fd5a74aed2589a69f57a70344d8f08a7e9f39d30
SHA-256: b62c49d458a4f3641ff063e0c198a4347e4a5bf389fba74f6c5607317549a02c
Scanner detections: 39 / 68
Status: Potentially unwanted
Explanation: The file is infected by a polymorphic file infector virus.
Analysis date: 3/28/2024 11:50:31 PM UTC
Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.3 | 828
Agnitum Outpost | Win32.Sality.FA.Gen | 7.1.1
AhnLab V3 Security | Dropper/Win32.Preloader | 2014.06.15
Avira AntiVirus | W32/Sality.AT | 7.11.30.172
avast! | Win32:SaliCode | 2014.9-141030
AVG | Win32/Sality | 2015.0.3306
Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.141030
Bitdefender | Win32.Sality.3 | 1.0.20.1515
Bkav FE | W32.Sality.PE | 1.3.0.4959
Comodo Security | Virus.Win32.Sality.Gen | 18650
Dr.Web | Win32.Sector.22 | 9.0.1.0303
Emsisoft Anti-Malware | Win32.Sality | 8.14.10.30.11
ESET NOD32 | Win32/AdWare.MultiPlug.Y application | 8.7.0.302.0
Fortinet FortiGate | W95/SK.A | 10/30/2014
F-Prot | W32/Sality.gen2 | v6.4.6.5.141
F-Secure | Win32.Sality.3 | 11.2014-30-10_5
G Data | Win32.Sality | 14.10.24
IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.6.1.0
K7 AntiVirus | Virus | 13.180.12498
Kaspersky | Virus.Win32.Sality | 14.0.0.3023
Malwarebytes | PUP.Optional.MultiPlug.A | v2014.10.30.11
McAfee | W32/Sality.gen.z | 5600.6962
Microsoft Security Essentials | Threat.Undefined | 1.177.578.0
MicroWorld eScan | Win32.Sality.3 | 15.0.0.909
NANO AntiVirus | Virus.Win32.Sality.bzkem | 0.28.0.60475
Norman | Sality.ZHB | 11.20141030
nProtect | Win32.Sality.3 | 14.06.23.01
Panda Antivirus | W32/Sality.AA | 14.10.30.11
Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015
Quick Heal | W32.Sality.U | 10.14.14.00
Rising Antivirus | PE:Win32.KUKU.GEN!1463551 | 23.00.65.141028
Total Defense | Win32/Sality.AA | 37.0.11018
Trend Micro House Call | PE_SALITY.ER | 7.2.303
Trend Micro | PE_SALITY.ER | 10.465.30
Vba32 AntiVirus | Virus.Win32.Sality.bakb | 3.12.26.3
VIPRE Antivirus | Threat.4734158 | 29708
ViRobot | Win32.Sality.N | 2011.4.7.4223
Zillya! Antivirus | Virus.Sality.Win32.20 | 2.0.0.1835
File size: 631 KB (646,144 bytes)
File type: Executable application (Win64 EXE)
Common path: C:\ProgramData\saveclicker\_mh_.exe
CTPH (ssdeep): 12288:0abNaQe1D9IE3GXHg6KiOo0Tib138HMjb9UOPi90gx:0aZq5qyo8ib1W+b9r98