home

mu.exe

Launcher.Premium

RabanSoft.

The executable mu.exe has been detected as malware by 8 anti-virus scanners. While running, it connects to the Internet address edge-star-mini-shv-02-mia1.facebook.com on port 443.
Publisher:
RabanSoft.

Product:
Launcher.Premium

Version:
1.8.8.4

MD5:
c1af32ae63604205b033c475225fb7dc

SHA-1:
80682a84af7a23c9ef9ac94b017e5fc9b50ee11f

SHA-256:
1e5491b5b03f59d24cb0411f501fa02b0b4b3340dbc790d3c50d31fbb734a880

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/24/2024 8:21:05 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.15095642
439

Arcabit
Trojan.Generic.DE6575A
1.0.0.568

avast!
Win32:Malware-gen
2014.9-151122

Bitdefender
Trojan.Generic.15095642
1.0.20.1630

Bkav FE
HW32.Packed
1.3.0.7237

F-Secure
Application:W32/Generic.80682a84af!Online
5.15.21

G Data
Trojan.Generic.15095642
15.11.25

MicroWorld eScan
Trojan.Generic.15095642
16.0.0.978

File size:
4 MB (4,143,104 bytes)

Product version:
1.8.8.4

Copyright:
RabanSoft. © 2012 - 2015

Trademarks:
RabanSoft.

Original file name:
IGC.Launcher.Premium.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\muonline season reborn 9\mu.exe

File PE Metadata
Compilation timestamp:
9/15/2015 9:05:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:rS7u4AB3ml4S++AgDffeI5bUn5SLifZMgfgRz:NNf+AceMbUnIAZMgf

Entry address:
0x764000

Entry point:
EB, 08, 0F, 16, 3F, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, 1B, 1B, 00, 00, 01, 00, 30, 82, 1B, 17, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, 08, 30, 82, 1B, 04, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 21, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 12, 04, 82, 0F, 0E, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 07, 00, 00, 00, 26, 00, 00, 00, 01, 00, D8, 31, 6D, 80, 03, FB, 1C, 74, 5F, 00, 84, CB, 68, 0A, 33, EC, 41...
 
[+]

Code size:
3.1 MB (3,256,832 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to xx-fbcdn-shv-02-mia1.fbcdn.net  (157.240.0.22:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-02-mia1.facebook.com  (157.240.0.35:443)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-mia1.fbcdn.net  (31.13.73.7:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mia1.facebook.com  (31.13.73.36:443)

TCP (HTTP):
Connects to a23-52-155-27.deploy.static.akamaitechnologies.com  (23.52.155.27:80)

TCP (HTTP):
Connects to a23-54-187-27.deploy.static.akamaitechnologies.com  (23.54.187.27:80)

TCP (HTTP):
Connects to a23-52-149-163.deploy.static.akamaitechnologies.com  (23.52.149.163:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-bog1.fbcdn.net  (157.240.6.23:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-bog1.facebook.com  (157.240.6.35:443)

TCP (HTTP SSL):
Connects to ec2-54-208-253-53.compute-1.amazonaws.com  (54.208.253.53:443)

TCP (HTTP):
Connects to a23-4-43-27.deploy.static.akamaitechnologies.com  (23.4.43.27:80)

TCP (HTTP):
Connects to a23-4-187-27.deploy.static.akamaitechnologies.com  (23.4.187.27:80)

TCP (HTTP):
Connects to a23-4-181-163.deploy.static.akamaitechnologies.com  (23.4.181.163:80)

Remove mu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.